From pqm at pqm.ubuntu.com Tue Sep 13 19:56:48 2016 From: pqm at pqm.ubuntu.com (Patch Queue Manager) Date: Tue, 13 Sep 2016 19:56:48 +0000 (UTC) Subject: Rev 6617: (richard-wilbur) Fix lp:1606203 caused by using a user/pass combination for in file:///srv/pqm.bazaar-vcs.org/archives/thelove/bzr/2.7/ Message-ID: <20160913195648.96EAC74044F@cupuasso.canonical.com> At file:///srv/pqm.bazaar-vcs.org/archives/thelove/bzr/2.7/ ------------------------------------------------------------ revno: 6617 [merge] revision-id: pqm at pqm.ubuntu.com-20160913195648-gl3w5ohxo8pqavdr parent: pqm at pqm.ubuntu.com-20160207185958-e04s369m88endygc parent: v.ladeuil+lp at free.fr-20160909125940-4bhgpwoenpjal97c committer: Patch Queue Manager branch nick: 2.7 timestamp: Tue 2016-09-13 19:56:48 +0000 message: (richard-wilbur) Fix lp:1606203 caused by using a user/pass combination for http auth longer than ~57 chars. (Vincent Ladeuil) (Vincent Ladeuil) modified: bzrlib/tests/test_http.py testhttp.py-20051018020158-b2eef6e867c514d9 bzrlib/transport/http/_urllib2_wrappers.py _urllib2_wrappers.py-20060913231729-ha9ugi48ktx481ao-1 === modified file 'bzrlib/tests/test_http.py' --- a/bzrlib/tests/test_http.py 2016-02-01 18:06:32 +0000 +++ b/bzrlib/tests/test_http.py 2016-09-09 12:59:40 +0000 @@ -260,6 +260,16 @@ self.assertEqual('basic', scheme) self.assertEqual('realm="Thou should not pass"', remainder) + def test_build_basic_header_with_long_creds(self): + handler = _urllib2_wrappers.BasicAuthHandler() + user = 'user' * 10 # length 40 + password = 'password' * 5 # length 40 + header = handler.build_auth_header( + dict(user=user, password=password), None) + # https://bugs.launchpad.net/bzr/+bug/1606203 was caused by incorrectly + # creating a header value with an embedded '\n' + self.assertFalse('\n' in header) + def test_basic_extract_realm(self): scheme, remainder = self.parse_header( 'Basic realm="Thou should not pass"', === modified file 'bzrlib/transport/http/_urllib2_wrappers.py' --- a/bzrlib/transport/http/_urllib2_wrappers.py 2016-01-31 12:55:31 +0000 +++ b/bzrlib/transport/http/_urllib2_wrappers.py 2016-09-09 12:59:40 +0000 @@ -48,6 +48,7 @@ # actual code more or less do that, tests should be written to # ensure that. +import base64 import errno import httplib import os @@ -1491,7 +1492,7 @@ def build_auth_header(self, auth, request): raw = '%s:%s' % (auth['user'], auth['password']) - auth_header = 'Basic ' + raw.encode('base64').strip() + auth_header = 'Basic ' + base64.b64encode(raw) return auth_header def extract_realm(self, header_value):