GNU bug report logs - #61411
[PATCH] Handle a case where url-basic-auth can crash

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#61411: closed ([PATCH] Handle a case where url-basic-auth can
 crash)
Date: Thu, 02 Mar 2023 12:38:02 +0000

[Message part 1 (text/plain, inline)]

Your message dated Thu, 02 Mar 2023 14:37:12 +0200
with message-id <83a60ve3d3.fsf <at> gnu.org>
and subject line Re: bug#61411: [PATCH] Handle a case where url-basic-auth can crash
has caused the debbugs.gnu.org bug report #61411,
regarding [PATCH] Handle a case where url-basic-auth can crash
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
61411: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=61411
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: me <at> elken.dev
To: bug-gnu-emacs <at> gnu.org
Subject: [PATCH] Handle a case where url-basic-auth can crash
Date: Sat, 11 Feb 2023 07:43:10 +0000

[Message part 3 (text/plain, inline)]

Hi all,

This seems like a simple patch, in cases where 
'url-request-noninteractive' is set and valid credentials either aren't 
found or the server sends 401 regardless (which is how I found this 
bug), this causes Emacs to crash.

I have copyright assignment assigned, even though this would fall under 
a "trivial change".

Thanks,
Ellis

[0001-Fix-potential-crash-with-url-basic-auth.patch (text/x-diff, attachment)]

[Message part 5 (message/rfc822, inline)]

From: Eli Zaretskii <eliz <at> gnu.org>
To: me <at> elken.dev
Cc: 61411-done <at> debbugs.gnu.org
Subject: Re: bug#61411: [PATCH] Handle a case where url-basic-auth can crash
Date: Thu, 02 Mar 2023 14:37:12 +0200

> Date: Sun, 26 Feb 2023 08:52:31 +0000
> From: me <at> elken.dev
> Cc: 61411 <at> debbugs.gnu.org
> 
> Thanks for responding; I incorrectly assumed because the patch was so 
> trivial my description was enough. My bad!
> 
> Below is a snippet of elisp that when `M-x eval-buffer`'d crashes an 
> `emacs -Q` and causes an `emacs -Q -l repro.el` to freeze indefinitely 
> on e444115d026c809395d4d248a99bb467bc87bb1d
> 
> (require 'url)
> (eval-when-compile (require 'cl-lib))
> 
> (cl-defun send-request (endpoint &key verb data headers noninteractive 
> json noauth sync callback)
>    (let* ((url-request-method (or verb "GET"))
>           (url-cookie-trusted-urls '(".*"))
>           (url-request-noninteractive noninteractive)
>           (url-request-extra-headers
>            `(("Referer" . ,endpoint)
> 	    ("X-CSRF-TOKEN" . nil)
>              ("Cookie" . nil)))
>           (url-request-data data))
>      (if sync
>          (with-current-buffer (url-retrieve-synchronously endpoint)
>            (funcall (or callback #'identity) url-http-response-status))
>        (url-retrieve
>         endpoint
>         (or callback #'identity)))))
> 
> (send-request "https://httpstat.us/401" :noninteractive t :sync t)
> 
> The linked API is a simple service used to return various status codes, 
> in this instance always a 401 regardless of what authentication is 
> passed.
> 
> I'm not sure if my patch is the best catch-all solution to the 
> underlying issue (I confess, I don't fully understand why this crashes). 
> With my simple patch applied though, Emacs continues as expected.
> 
> I hope this is enough information now, I apologize for the poor initial 
> report. As I already had a patch ready, I didn't think I should have 
> used `M-x report-emacs-bug` but I will in future :)

Thanks, I fixed this in a slightly different manner on the emacs-29
branch, and I'm therefore closing this bug.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.