* bug#36619: 26.2; url-auth: Base64 encoded Basic auth password truncated
@ 2019-07-12 18:07 Joshua Bachmeier
2019-07-12 23:28 ` Lars Ingebrigtsen
0 siblings, 1 reply; 2+ messages in thread
From: Joshua Bachmeier @ 2019-07-12 18:07 UTC (permalink / raw)
To: 36619
My password (retrived by the url package with `auth-source') is rather
long. When encoding it in base64 (using `base64-encode-string') in
`url/url-auth.el:123' it is split into multiple lines (this behaviour is
specified in the documentation of `base64-encode-string'. However, since
the base64-string is then simply put into the HTTP header, everything
after the first newline is lost, the password is effectively truncated.
`base64-encode-string' provides an optional argument to supress line
splitting. I guess this should be used here (and propably in many other places).
In GNU Emacs 26.2 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.8)
of 2019-04-12 built on juergen
Windowing system distributor 'The X.Org Foundation', version 11.0.12005000
Configured using:
'configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib
--localstatedir=/var --with-x-toolkit=gtk3 --with-xft --with-modules
'CFLAGS=-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong
-fno-plt' CPPFLAGS=-D_FORTIFY_SOURCE=2
LDFLAGS=-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now'
--
Joshua Bachmeier
^ permalink raw reply [flat|nested] 2+ messages in thread
* bug#36619: 26.2; url-auth: Base64 encoded Basic auth password truncated
2019-07-12 18:07 bug#36619: 26.2; url-auth: Base64 encoded Basic auth password truncated Joshua Bachmeier
@ 2019-07-12 23:28 ` Lars Ingebrigtsen
0 siblings, 0 replies; 2+ messages in thread
From: Lars Ingebrigtsen @ 2019-07-12 23:28 UTC (permalink / raw)
To: Joshua Bachmeier; +Cc: 36619
Joshua Bachmeier <joshua@bachmeier.cc> writes:
> My password (retrived by the url package with `auth-source') is rather
> long. When encoding it in base64 (using `base64-encode-string') in
> `url/url-auth.el:123' it is split into multiple lines (this behaviour is
> specified in the documentation of `base64-encode-string'. However, since
> the base64-string is then simply put into the HTTP header, everything
> after the first newline is lost, the password is effectively truncated.
This should now be fixed on the Emacs trunk.
> `base64-encode-string' provides an optional argument to supress line
> splitting. I guess this should be used here (and propably in many
> other places).
I went through the Emacs codebase, and the only other place this seemed
to be an issue was in nnimap.el, and explains a mysterious bug report
about truncated auth.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-07-12 23:28 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-07-12 18:07 bug#36619: 26.2; url-auth: Base64 encoded Basic auth password truncated Joshua Bachmeier
2019-07-12 23:28 ` Lars Ingebrigtsen
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).