GNU bug report logs -
#50511
27.2; url-http-handle-authentication should not raise error
Previous Next
Reported by: Jonas Bernoulli <jonas <at> bernoul.li>
Date: Fri, 10 Sep 2021 16:16:01 UTC
Severity: normal
Tags: patch
Found in version 27.2
Fixed in version 28.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 50511 in the body.
You can then email your comments to 50511 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#50511
; Package
emacs
.
(Fri, 10 Sep 2021 16:16:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Jonas Bernoulli <jonas <at> bernoul.li>
:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org
.
(Fri, 10 Sep 2021 16:16:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Since [1: 64b469f6ae] url-http-handle-authentication raises an error
when it detects that we already tried to make an authenticated request.
1: 2019-07-26 64b469f6ae8173116ec948ac43cd44efe4b5a221
Don't infloop in url.el when sending invalid basic auth
Instead of signaling an error using `error', it should simply return t
to indicate that no further requests should be made and the response
data (in this case error data) should be passed to the handler, i.e. to
indicate that the request "successfully failed". Then the error handler
can inspect the response and decide how to react.
This is how it is done for all other https response codes, including all
other error codes. This approach also solves the infloop issue but also
makes it possible to use an error handler as intended.
Jonas
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#50511
; Package
emacs
.
(Sat, 11 Sep 2021 13:06:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 50511 <at> debbugs.gnu.org (full text, mbox):
Jonas Bernoulli <jonas <at> bernoul.li> writes:
> Since [1: 64b469f6ae] url-http-handle-authentication raises an error
> when it detects that we already tried to make an authenticated request.
>
> 1: 2019-07-26 64b469f6ae8173116ec948ac43cd44efe4b5a221
> Don't infloop in url.el when sending invalid basic auth
>
> Instead of signaling an error using `error', it should simply return t
> to indicate that no further requests should be made and the response
> data (in this case error data) should be passed to the handler, i.e. to
> indicate that the request "successfully failed". Then the error handler
> can inspect the response and decide how to react.
>
> This is how it is done for all other https response codes, including all
> other error codes. This approach also solves the infloop issue but also
> makes it possible to use an error handler as intended.
Makes sense. Can you propose a patch for this (since you can reproduce
the problem and verify that the patch fixes it)?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#50511
; Package
emacs
.
(Thu, 16 Sep 2021 18:33:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 50511 <at> debbugs.gnu.org (full text, mbox):
* lisp/url/url-http.el (url-http-handle-authentication): Return t
instead of raising an error, instructing the caller to invoke the
request specific error handler (bug#50511).
---
lisp/url/url-http.el | 94 ++++++++++++++++++++++----------------------
1 file changed, 47 insertions(+), 47 deletions(-)
diff --git a/lisp/url/url-http.el b/lisp/url/url-http.el
index ba13a17a8f..1530016397 100644
--- a/lisp/url/url-http.el
+++ b/lisp/url/url-http.el
@@ -462,53 +462,53 @@ url-http-handle-authentication
;; credentials to the server, and they were wrong, so just give
;; up.
(let ((authorization (assoc "Authorization" url-http-extra-headers)))
- (when (and authorization
- (not (string-match "^NTLM " (cdr authorization))))
- (error "Wrong authorization used for %s" url)))
-
- ;; find strongest supported auth
- (dolist (this-auth auths)
- (setq this-auth (url-eat-trailing-space
- (url-strip-leading-spaces
- this-auth)))
- (let* ((this-type
- (downcase (if (string-match "[ \t]" this-auth)
- (substring this-auth 0 (match-beginning 0))
- this-auth)))
- (registered (url-auth-registered this-type))
- (this-strength (cddr registered)))
- (when (and registered (> this-strength strength))
- (setq auth this-auth
- type this-type
- strength this-strength))))
-
- (if (not (url-auth-registered type))
- (progn
- (widen)
- (goto-char (point-max))
- (insert "<hr>Sorry, but I do not know how to handle " (or type auth url "")
- " authentication. If you'd like to write it,"
- " please use M-x report-emacs-bug RET.<hr>")
- ;; We used to set a `status' var (declared "special") but I can't
- ;; find the corresponding let-binding, so it's probably an error.
- ;; FIXME: Maybe it was supposed to set `success', i.e. to return t?
- ;; (setq status t)
- nil) ;; Not success yet.
-
- (let* ((args (url-parse-args (subst-char-in-string ?, ?\; auth)))
- (auth (url-get-authentication auth-url
- (cdr-safe (assoc "realm" args))
- type t args)))
- (if (not auth)
- t ;Success.
- (push (cons (if proxy "Proxy-Authorization" "Authorization") auth)
- url-http-extra-headers)
- (let ((url-request-method url-http-method)
- (url-request-data url-http-data)
- (url-request-extra-headers url-http-extra-headers))
- (url-retrieve-internal url url-callback-function
- url-callback-arguments))
- nil))))) ;; Not success yet.
+ (if (and authorization
+ (not (string-match "^NTLM " (cdr authorization)))) ;Bug#43566
+ t ;; Instruct caller to signal an error. Bug#50511
+ ;; Find strongest supported auth.
+ (dolist (this-auth auths)
+ (setq this-auth (url-eat-trailing-space
+ (url-strip-leading-spaces
+ this-auth)))
+ (let* ((this-type
+ (downcase (if (string-match "[ \t]" this-auth)
+ (substring this-auth 0 (match-beginning 0))
+ this-auth)))
+ (registered (url-auth-registered this-type))
+ (this-strength (cddr registered)))
+ (when (and registered (> this-strength strength))
+ (setq auth this-auth
+ type this-type
+ strength this-strength))))
+
+ (if (not (url-auth-registered type))
+ (progn
+ (widen)
+ (goto-char (point-max))
+ (insert "<hr>Sorry, but I do not know how to handle "
+ (or type auth url "")
+ " authentication. If you'd like to write it,"
+ " please use M-x report-emacs-bug RET.<hr>")
+ ;; We used to set a `status' var (declared "special") but I can't
+ ;; find the corresponding let-binding, so it's probably an error.
+ ;; FIXME: Maybe it was supposed to set `success', i.e. to return t?
+ ;; (setq status t)
+ nil) ;; Not success yet.
+
+ (let* ((args (url-parse-args (subst-char-in-string ?, ?\; auth)))
+ (auth (url-get-authentication auth-url
+ (cdr-safe (assoc "realm" args))
+ type t args)))
+ (if (not auth)
+ t ;Success.
+ (push (cons (if proxy "Proxy-Authorization" "Authorization") auth)
+ url-http-extra-headers)
+ (let ((url-request-method url-http-method)
+ (url-request-data url-http-data)
+ (url-request-extra-headers url-http-extra-headers))
+ (url-retrieve-internal url url-callback-function
+ url-callback-arguments))
+ nil))))))) ;; Not success yet.
(defun url-http-parse-response ()
"Parse just the response code."
--
2.33.0
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#50511
; Package
emacs
.
(Fri, 17 Sep 2021 14:28:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 50511 <at> debbugs.gnu.org (full text, mbox):
Jonas Bernoulli <jonas <at> bernoul.li> writes:
> * lisp/url/url-http.el (url-http-handle-authentication): Return t
> instead of raising an error, instructing the caller to invoke the
> request specific error handler (bug#50511).
Looks good to me; please go ahead and push.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Added tag(s) patch.
Request was from
Stefan Kangas <stefan <at> marxist.se>
to
control <at> debbugs.gnu.org
.
(Sun, 19 Sep 2021 15:19:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#50511
; Package
emacs
.
(Mon, 20 Sep 2021 19:20:02 GMT)
Full text and
rfc822 format available.
Message #19 received at 50511 <at> debbugs.gnu.org (full text, mbox):
> Looks good to me; please go ahead and push.
Done. Please close.
Information forwarded
to
bug-gnu-emacs <at> gnu.org
:
bug#50511
; Package
emacs
.
(Mon, 20 Sep 2021 19:25:01 GMT)
Full text and
rfc822 format available.
Message #22 received at 50511 <at> debbugs.gnu.org (full text, mbox):
Jonas Bernoulli <jonas <at> bernoul.li> writes:
>> Looks good to me; please go ahead and push.
>
> Done. Please close.
OK; done.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
bug marked as fixed in version 28.1, send any further explanations to
50511 <at> debbugs.gnu.org and Jonas Bernoulli <jonas <at> bernoul.li>
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org
.
(Mon, 20 Sep 2021 19:25:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Tue, 19 Oct 2021 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 2 years and 190 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.