GNU bug report logs - #27022
url-retrieve + .authinfo bug

Previous Next

Package: emacs;

Reported by: Andy Wingo <wingo <at> pobox.com>

Date: Mon, 22 May 2017 18:11:02 UTC

Severity: normal

Tags: fixed

Fixed in version 27.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Andy Wingo <wingo <at> pobox.com>
Cc: 27022 <at> debbugs.gnu.org
Subject: bug#27022: url-retrieve + .authinfo bug
Date: Fri, 26 Jul 2019 10:56:21 +0200

Lars Ingebrigtsen <larsi <at> gnus.org> writes:

> Andy Wingo <wingo <at> pobox.com> writes:
>
>> If you try to do a url-retrieve over HTTP on a URL that requires HTTP
>> basic authentication, and you have an .authinfo file, and that .authinfo
>> contains an incorrect login, then Emacs will keep appending the same
>> Authorization: header to the request -- over and over, making the
>> request larger and larger, with no stop condition.  Eventually nginx
>> produces a "400 Bad Request" error because there were too many headers.
>>
>> Emacs should instead error after the first attempt at authentication
>> fails.
>
> I'm able to reproduce this with this in my .authinfo file:
>
> machine jigsaw.w3.org:443 login guest password wrong
>
> and then:
>
> (url-retrieve "https://jigsaw.w3.org/HTTP/Basic/" #'ignore)

And this should now be fixed on the Emacs trunk.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

This bug report was last modified 5 years and 297 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #27022 url-retrieve + .authinfo bug

GNU bug report logs - #27022
url-retrieve + .authinfo bug