bug#27022: url-retrieve + .authinfo bug

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27022: url-retrieve + .authinfo bug

From:	Lars Ingebrigtsen
Subject:	bug#27022: url-retrieve + .authinfo bug
Date:	Fri, 26 Jul 2019 10:56:21 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Andy Wingo <wingo@pobox.com> writes:
>
>> If you try to do a url-retrieve over HTTP on a URL that requires HTTP
>> basic authentication, and you have an .authinfo file, and that .authinfo
>> contains an incorrect login, then Emacs will keep appending the same
>> Authorization: header to the request -- over and over, making the
>> request larger and larger, with no stop condition.  Eventually nginx
>> produces a "400 Bad Request" error because there were too many headers.
>>
>> Emacs should instead error after the first attempt at authentication
>> fails.
>
> I'm able to reproduce this with this in my .authinfo file:
>
> machine jigsaw.w3.org:443 login guest password wrong
>
> and then:
>
> (url-retrieve "https://jigsaw.w3.org/HTTP/Basic/"; #'ignore)

And this should now be fixed on the Emacs trunk.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

[Prev in Thread]

Current Thread

[Next in Thread]

bug#27022: url-retrieve + .authinfo bug, Lars Ingebrigtsen, 2019/07/26
- bug#27022: url-retrieve + .authinfo bug, Lars Ingebrigtsen <=

Prev by Date: bug#27022: url-retrieve + .authinfo bug
Next by Date: bug#26893: 25.2; emacs crashed and dumped core
Previous by thread: bug#27022: url-retrieve + .authinfo bug
Next by thread: bug#26893: 25.2; emacs crashed and dumped core
Index(es):
- Date
- Thread