emacs-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#61411: closed ([PATCH] Handle a case where url-basic-auth can crash)

From: GNU bug Tracking System
Subject: bug#61411: closed ([PATCH] Handle a case where url-basic-auth can crash)
Date: Thu, 02 Mar 2023 12:38:02 +0000 
Your message dated Thu, 02 Mar 2023 14:37:12 +0200
with message-id <83a60ve3d3.fsf@gnu.org>
and subject line Re: bug#61411: [PATCH] Handle a case where url-basic-auth can 
crash
has caused the debbugs.gnu.org bug report #61411,
regarding [PATCH] Handle a case where url-basic-auth can crash
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
61411: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=61411
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
--- Begin Message --- Subject: [PATCH] Handle a case where url-basic-auth can crash Date: Sat, 11 Feb 2023 07:43:10 +0000 
Hi all,
This seems like a simple patch, in cases where 'url-request-noninteractive' is set and valid credentials either aren't found or the server sends 401 regardless (which is how I found this bug), this causes Emacs to crash.
I have copyright assignment assigned, even though this would fall under a "trivial change". 

Thanks,
Ellis

Attachment: 0001-Fix-potential-crash-with-url-basic-auth.patch
Description: Text Data


--- End Message ---
--- Begin Message --- Subject: Re: bug#61411: [PATCH] Handle a case where url-basic-auth can crash Date: Thu, 02 Mar 2023 14:37:12 +0200 
> Date: Sun, 26 Feb 2023 08:52:31 +0000
> From: me@elken.dev
> Cc: 61411@debbugs.gnu.org
> 
> Thanks for responding; I incorrectly assumed because the patch was so 
> trivial my description was enough. My bad!
> 
> Below is a snippet of elisp that when `M-x eval-buffer`'d crashes an 
> `emacs -Q` and causes an `emacs -Q -l repro.el` to freeze indefinitely 
> on e444115d026c809395d4d248a99bb467bc87bb1d
> 
> (require 'url)
> (eval-when-compile (require 'cl-lib))
> 
> (cl-defun send-request (endpoint &key verb data headers noninteractive 
> json noauth sync callback)
>    (let* ((url-request-method (or verb "GET"))
>           (url-cookie-trusted-urls '(".*"))
>           (url-request-noninteractive noninteractive)
>           (url-request-extra-headers
>            `(("Referer" . ,endpoint)
>           ("X-CSRF-TOKEN" . nil)
>              ("Cookie" . nil)))
>           (url-request-data data))
>      (if sync
>          (with-current-buffer (url-retrieve-synchronously endpoint)
>            (funcall (or callback #'identity) url-http-response-status))
>        (url-retrieve
>         endpoint
>         (or callback #'identity)))))
> 
> (send-request "https://httpstat.us/401"; :noninteractive t :sync t)
> 
> The linked API is a simple service used to return various status codes, 
> in this instance always a 401 regardless of what authentication is 
> passed.
> 
> I'm not sure if my patch is the best catch-all solution to the 
> underlying issue (I confess, I don't fully understand why this crashes). 
> With my simple patch applied though, Emacs continues as expected.
> 
> I hope this is enough information now, I apologize for the poor initial 
> report. As I already had a patch ready, I didn't think I should have 
> used `M-x report-emacs-bug` but I will in future :)

Thanks, I fixed this in a slightly different manner on the emacs-29
branch, and I'm therefore closing this bug.

--- End Message ---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]