bug#10478: 24.0.50; url-http-parse-headers can silently drop the response when handling BASIC AUTHENTICATION

unofficial mirror of bug-gnu-emacs@gnu.org 
 help / color / mirror / code / Atom feed

From: David Engster <deng@randomsample.de>
To: Jerry Asher <jerry.asher@gmail.com>
Cc: larsi@gnus.org, 10478@debbugs.gnu.org
Subject: bug#10478: 24.0.50; url-http-parse-headers can silently drop the response when handling BASIC AUTHENTICATION
Date: Thu, 08 Jun 2017 22:08:30 +0200	[thread overview]
Message-ID: <874lvqgs3l.fsf@engster.org> (raw)
In-Reply-To: <CAEtC88X2unbMN7D_giztU=o9QKFJYOE+9U-2Rx3P4OAdNr=2Dg@mail.gmail.com> (Jerry Asher's message of "Sat, 3 Jun 2017 05:56:03 -0700")

Jerry Asher writes:
> The next bug occurs in url-http-parse-headers where the 401 and 407 cases which
> deal with authentication do not take into account that the url contents may
> have changed as a result of authentication. And there all I did was to cut and
> paste the previously self-declared hack from the 3XX case in.

[...]

>          (unauthorized                  ; 401
>           ;; The request requires user authentication.  The response
>           ;; MUST include a WWW-Authenticate header field containing a
>           ;; challenge applicable to the requested resource.  The
>           ;; client MAY repeat the request with a suitable
>           ;; Authorization header field.
>
>           ;; bug patch because url-http-handle-authentication
>           ;; might return a new buffer
>
>           (let ((retval (url-http-handle-authentication nil)))
>             (url-http-debug "Url Http Parse Headers: handling
> authentication return buffer TO %s" retval)
>             (when retval
>               ;; Put in the current buffer a forwarding pointer to the new
>               ;; destination buffer.
>               ;; FIXME: This is a hack to fix url-retrieve-synchronously
>               ;; without changing the API.  Instead url-retrieve should
>               ;; either simply not return the "destination" buffer, or it
>               ;; should take an optional `dest-buf' argument.
>               (set (make-local-variable 'url-redirect-buffer)
>                    retval)
>               (url-http-debug "Url Http Parse Headers: handling
> authentication return buffer TO %s -> %s 2:"
>                               retval url-redirect-buffer)
>               (url-mark-buffer-as-dead buffer))))

That did not work for me. The reason is that at the end of this block,
`url-mark-buffer-as-dead' will return non-nil, so the 'success'-flag
will be set. If the callback is called immediately because
Content-Length is '0' (which is often the case for '401'),
`url-retrieve-synchronously' won't look at the url-redirect-buffer
variable.

So I let that block always return 'nil' and that seems to do the trick,
but I'll do some more testing. In the meantime, I'll send you the form
for assigning copyright to the FSF in a separate mail. [Whether a patch
is considered 'trivial' almost entirely depends on quantity. The general
rule is: If the amount of added lines is below ~10, it is considered
trivial, otherwise papers are required.]

-David

next prev parent reply	other threads:[~2017-06-08 20:08 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-01-11  7:03 bug#10478: 24.0.50; url-http-parse-headers can silently drop the response when handling BASIC AUTHENTICATION Jerry Asher
2012-01-11  7:54 ` bug#10478: Possible fix?? Jerry Asher
2012-01-11  9:42   ` Michael Albinus
2015-12-25 21:49 ` bug#10478: 24.0.50; url-http-parse-headers can silently drop the response when handling BASIC AUTHENTICATION Lars Ingebrigtsen
2017-06-03 10:41   ` David Engster
2017-06-03 11:04     ` Lars Ingebrigtsen
2017-06-03 11:05     ` Eli Zaretskii
2017-06-03 12:56       ` Jerry Asher
2017-06-08 20:08         ` David Engster [this message]
2019-09-24  6:55           ` Lars Ingebrigtsen
2019-09-24  7:15             ` Eli Zaretskii
2019-09-24  7:27               ` Lars Ingebrigtsen
2019-09-24  7:23             ` David Engster
2019-09-24  7:27               ` Lars Ingebrigtsen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.gnu.org/software/emacs/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=874lvqgs3l.fsf@engster.org \
    --to=deng@randomsample.de \
    --cc=10478@debbugs.gnu.org \
    --cc=jerry.asher@gmail.com \
    --cc=larsi@gnus.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).