Rev 6617: (richard-wilbur) Fix lp:1606203 caused by using a user/pass combination for in file:///srv/pqm.bazaar-vcs.org/archives/thelove/bzr/2.7/

Patch Queue Manager pqm at pqm.ubuntu.com
Tue Sep 13 19:56:48 UTC 2016 

At file:///srv/pqm.bazaar-vcs.org/archives/thelove/bzr/2.7/

------------------------------------------------------------
revno: 6617 [merge]
revision-id: pqm at pqm.ubuntu.com-20160913195648-gl3w5ohxo8pqavdr
parent: pqm at pqm.ubuntu.com-20160207185958-e04s369m88endygc
parent: v.ladeuil+lp at free.fr-20160909125940-4bhgpwoenpjal97c
committer: Patch Queue Manager <pqm at pqm.ubuntu.com>
branch nick: 2.7
timestamp: Tue 2016-09-13 19:56:48 +0000
message:
  (richard-wilbur) Fix lp:1606203 caused by using a user/pass combination for
   http auth longer than ~57 chars. (Vincent Ladeuil) (Vincent Ladeuil)
modified:
  bzrlib/tests/test_http.py      testhttp.py-20051018020158-b2eef6e867c514d9
  bzrlib/transport/http/_urllib2_wrappers.py _urllib2_wrappers.py-20060913231729-ha9ugi48ktx481ao-1
=== modified file 'bzrlib/tests/test_http.py'
--- a/bzrlib/tests/test_http.py	2016-02-01 18:06:32 +0000
+++ b/bzrlib/tests/test_http.py	2016-09-09 12:59:40 +0000
@@ -260,6 +260,16 @@
         self.assertEqual('basic', scheme)
         self.assertEqual('realm="Thou should not pass"', remainder)
 
+    def test_build_basic_header_with_long_creds(self):
+        handler = _urllib2_wrappers.BasicAuthHandler()
+        user = 'user' * 10  # length 40
+        password = 'password' * 5  # length 40
+        header = handler.build_auth_header(
+            dict(user=user, password=password), None)
+        # https://bugs.launchpad.net/bzr/+bug/1606203 was caused by incorrectly
+        # creating a header value with an embedded '\n'
+        self.assertFalse('\n' in header)
+
     def test_basic_extract_realm(self):
         scheme, remainder = self.parse_header(
             'Basic realm="Thou should not pass"',

=== modified file 'bzrlib/transport/http/_urllib2_wrappers.py'
--- a/bzrlib/transport/http/_urllib2_wrappers.py	2016-01-31 12:55:31 +0000
+++ b/bzrlib/transport/http/_urllib2_wrappers.py	2016-09-09 12:59:40 +0000
@@ -48,6 +48,7 @@
 # actual code more or less do that, tests should be written to
 # ensure that.
 
+import base64
 import errno
 import httplib
 import os
@@ -1491,7 +1492,7 @@
 
     def build_auth_header(self, auth, request):
         raw = '%s:%s' % (auth['user'], auth['password'])
-        auth_header = 'Basic ' + raw.encode('base64').strip()
+        auth_header = 'Basic ' + base64.b64encode(raw)
         return auth_header
 
     def extract_realm(self, header_value):

More information about the bazaar-commits mailing list