From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: David Engster Newsgroups: gmane.emacs.bugs Subject: bug#10478: 24.0.50; url-http-parse-headers can silently drop the response when handling BASIC AUTHENTICATION Date: Thu, 08 Jun 2017 22:08:30 +0200 Message-ID: <874lvqgs3l.fsf@engster.org> References: <8737uqyzam.fsf@gnus.org> <87y3t9xsic.fsf@engster.org> <83k24tbabk.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: blaine.gmane.org 1496952552 12927 195.159.176.226 (8 Jun 2017 20:09:12 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Thu, 8 Jun 2017 20:09:12 +0000 (UTC) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) Cc: larsi@gnus.org, 10478@debbugs.gnu.org To: Jerry Asher Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Jun 08 22:09:08 2017 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dJ3jv-00038s-Oe for geb-bug-gnu-emacs@m.gmane.org; Thu, 08 Jun 2017 22:09:07 +0200 Original-Received: from localhost ([::1]:51299 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dJ3k1-0000MI-6H for geb-bug-gnu-emacs@m.gmane.org; Thu, 08 Jun 2017 16:09:13 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:39221) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dJ3jv-0000Lw-5h for bug-gnu-emacs@gnu.org; Thu, 08 Jun 2017 16:09:08 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dJ3jq-0004rs-2V for bug-gnu-emacs@gnu.org; Thu, 08 Jun 2017 16:09:07 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:32817) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dJ3jp-0004rn-Up for bug-gnu-emacs@gnu.org; Thu, 08 Jun 2017 16:09:01 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dJ3jp-0002aV-Mc for bug-gnu-emacs@gnu.org; Thu, 08 Jun 2017 16:09:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: David Engster Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 08 Jun 2017 20:09:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 10478 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: confirmed Original-Received: via spool by 10478-submit@debbugs.gnu.org id=B10478.14969525219913 (code B ref 10478); Thu, 08 Jun 2017 20:09:01 +0000 Original-Received: (at 10478) by debbugs.gnu.org; 8 Jun 2017 20:08:41 +0000 Original-Received: from localhost ([127.0.0.1]:35494 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dJ3jV-0002Zo-JG for submit@debbugs.gnu.org; Thu, 08 Jun 2017 16:08:41 -0400 Original-Received: from randomsample.de ([5.45.97.173]:53491) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dJ3jU-0002Zf-I6 for 10478@debbugs.gnu.org; Thu, 08 Jun 2017 16:08:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=randomsample.de; s=a; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:Subject:Cc:To:From; bh=ZMreXGCbI3Il0HqiLkCeqxQThS2o/PWGKirz0Lq0dQc=; b=LKH9IQvIgX1KtRHmbS2OVyqqsXu9oi/4tUEr6zUiTxylS6sb+We6RtvsM6L+xrAYtfKWLtQ7/IE/V0H1umTyTYG6aitMAfXs6tIH8zDROG3fIipmXXCgM4ah8022tsYJ; Original-Received: from [77.22.129.210] (helo=isaac) by randomsample.de with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1dJ3jS-0007aU-1W; Thu, 08 Jun 2017 22:08:38 +0200 In-Reply-To: (Jerry Asher's message of "Sat, 3 Jun 2017 05:56:03 -0700") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:133408 Archived-At: Jerry Asher writes: > The next bug occurs in url-http-parse-headers where the 401 and 407 cases= which > deal with authentication do not take into account that the url contents m= ay > have changed as a result of authentication. And there all I did was to cu= t and > paste the previously self-declared hack from the 3XX case in. [...] > =A0 =A0 =A0 =A0 =A0(unauthorized =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0; 401 > =A0 =A0 =A0 =A0 =A0 ;; The request requires user authentication.=A0 The r= esponse > =A0 =A0 =A0 =A0 =A0 ;; MUST include a WWW-Authenticate header field conta= ining a > =A0 =A0 =A0 =A0 =A0 ;; challenge applicable to the requested resource.=A0= The > =A0 =A0 =A0 =A0 =A0 ;; client MAY repeat the request with a suitable > =A0 =A0 =A0 =A0 =A0 ;; Authorization header field. > > =A0 =A0 =A0 =A0 =A0 ;; bug patch because url-http-handle-authentication > =A0 =A0 =A0 =A0 =A0 ;; might return a new buffer > > =A0 =A0 =A0 =A0 =A0 (let ((retval (url-http-handle-authentication nil))) > =A0 =A0 =A0 =A0 =A0 =A0 (url-http-debug "Url Http Parse Headers: handling > authentication return buffer TO %s" retval) > =A0 =A0 =A0 =A0 =A0 =A0 (when retval > =A0 =A0 =A0 =A0 =A0 =A0 =A0 ;; Put in the current buffer a forwarding poi= nter to the new > =A0 =A0 =A0 =A0 =A0 =A0 =A0 ;; destination buffer. > =A0 =A0 =A0 =A0 =A0 =A0 =A0 ;; FIXME: This is a hack to fix url-retrieve-= synchronously > =A0 =A0 =A0 =A0 =A0 =A0 =A0 ;; without changing the API.=A0 Instead url-r= etrieve should > =A0 =A0 =A0 =A0 =A0 =A0 =A0 ;; either simply not return the "destination"= buffer, or it > =A0 =A0 =A0 =A0 =A0 =A0 =A0 ;; should take an optional `dest-buf' argumen= t. > =A0 =A0 =A0 =A0 =A0 =A0 =A0 (set (make-local-variable 'url-redirect-buffe= r) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0retval) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 (url-http-debug "Url Http Parse Headers: hand= ling > authentication return buffer TO %s -> %s 2:" > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 retval url-re= direct-buffer) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 (url-mark-buffer-as-dead buffer)))) That did not work for me. The reason is that at the end of this block, `url-mark-buffer-as-dead' will return non-nil, so the 'success'-flag will be set. If the callback is called immediately because Content-Length is '0' (which is often the case for '401'), `url-retrieve-synchronously' won't look at the url-redirect-buffer variable. So I let that block always return 'nil' and that seems to do the trick, but I'll do some more testing. In the meantime, I'll send you the form for assigning copyright to the FSF in a separate mail. [Whether a patch is considered 'trivial' almost entirely depends on quantity. The general rule is: If the amount of added lines is below ~10, it is considered trivial, otherwise papers are required.] -David