GNU bug report logs - #61411
[PATCH] Handle a case where url-basic-auth can crash

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: me <at> elken.dev
Subject: bug#61411: closed (Re: bug#61411: [PATCH] Handle a case where
 url-basic-auth can crash)
Date: Thu, 02 Mar 2023 12:38:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#61411: [PATCH] Handle a case where url-basic-auth can crash

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 61411 <at> debbugs.gnu.org.

-- 
61411: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=61411
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Eli Zaretskii <eliz <at> gnu.org>
To: me <at> elken.dev
Cc: 61411-done <at> debbugs.gnu.org
Subject: Re: bug#61411: [PATCH] Handle a case where url-basic-auth can crash
Date: Thu, 02 Mar 2023 14:37:12 +0200

> Date: Sun, 26 Feb 2023 08:52:31 +0000
> From: me <at> elken.dev
> Cc: 61411 <at> debbugs.gnu.org
> 
> Thanks for responding; I incorrectly assumed because the patch was so 
> trivial my description was enough. My bad!
> 
> Below is a snippet of elisp that when `M-x eval-buffer`'d crashes an 
> `emacs -Q` and causes an `emacs -Q -l repro.el` to freeze indefinitely 
> on e444115d026c809395d4d248a99bb467bc87bb1d
> 
> (require 'url)
> (eval-when-compile (require 'cl-lib))
> 
> (cl-defun send-request (endpoint &key verb data headers noninteractive 
> json noauth sync callback)
>    (let* ((url-request-method (or verb "GET"))
>           (url-cookie-trusted-urls '(".*"))
>           (url-request-noninteractive noninteractive)
>           (url-request-extra-headers
>            `(("Referer" . ,endpoint)
> 	    ("X-CSRF-TOKEN" . nil)
>              ("Cookie" . nil)))
>           (url-request-data data))
>      (if sync
>          (with-current-buffer (url-retrieve-synchronously endpoint)
>            (funcall (or callback #'identity) url-http-response-status))
>        (url-retrieve
>         endpoint
>         (or callback #'identity)))))
> 
> (send-request "https://httpstat.us/401" :noninteractive t :sync t)
> 
> The linked API is a simple service used to return various status codes, 
> in this instance always a 401 regardless of what authentication is 
> passed.
> 
> I'm not sure if my patch is the best catch-all solution to the 
> underlying issue (I confess, I don't fully understand why this crashes). 
> With my simple patch applied though, Emacs continues as expected.
> 
> I hope this is enough information now, I apologize for the poor initial 
> report. As I already had a patch ready, I didn't think I should have 
> used `M-x report-emacs-bug` but I will in future :)

Thanks, I fixed this in a slightly different manner on the emacs-29
branch, and I'm therefore closing this bug.

[Message part 3 (message/rfc822, inline)]

From: me <at> elken.dev
To: bug-gnu-emacs <at> gnu.org
Subject: [PATCH] Handle a case where url-basic-auth can crash
Date: Sat, 11 Feb 2023 07:43:10 +0000

[Message part 4 (text/plain, inline)]

Hi all,

This seems like a simple patch, in cases where 
'url-request-noninteractive' is set and valid credentials either aren't 
found or the server sends 401 regardless (which is how I found this 
bug), this causes Emacs to crash.

I have copyright assignment assigned, even though this would fall under 
a "trivial change".

Thanks,
Ellis

[0001-Fix-potential-crash-with-url-basic-auth.patch (text/x-diff, attachment)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.