Bug #5046
Bug with xmlrpc::client, basic auth and long authentication strings
Description
XMLRPC::Client has support for basic auth. This tries to encode the
combination of the username and password with the base64 algorithm using
Array.pack. If however your username and password exceed a certain
length the truncate algorithm of Array.pack kicks in and adds a newline
character in the result, which creates HTTP headers that are invalid.
Associated revisions
lib/xmlrpc/client.rb: Fix possible HTTP header formatting failure by
'Basic' header. Long username caused the base64 String truncation in
HTTP header which is not allowed. See #5046.test/xmlrpc/test_webrick_server.rb: test it.
lib/xmlrpc/client.rb: Fix possible HTTP header formatting failure by
'Basic' header. Long username caused the base64 String truncation in
HTTP header which is not allowed. See #5046.test/xmlrpc/test_webrick_server.rb: test it.
lib/xmlrpc/client.rb: Fix possible HTTP header formatting failure by
'Basic' header. Long username caused the base64 String truncation in
HTTP header which is not allowed. See #5046.test/xmlrpc/test_webrick_server.rb: test it.
lib/xmlrpc/client.rb: Fix possible HTTP header formatting failure by
'Basic' header. Long username caused the base64 String truncation in
HTTP header which is not allowed. See #5046.test/xmlrpc/test_webrick_server.rb: test it.
lib/xmlrpc/client.rb: Fix possible HTTP header formatting failure by
'Basic' header. Long username caused the base64 String truncation in
HTTP header which is not allowed. See #5046.test/xmlrpc/test_webrick_server.rb: test it.
backport r32666 from trunk.
lib/xmlrpc/client.rb: Fix possible HTTP header formatting failure by
'Basic' header. Long username caused the base64 String truncation in
HTTP header which is not allowed. See #5046.test/xmlrpc/test_webrick_server.rb: test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32668 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
History
#1
[ruby-core:38476]
Updated by nahi (Hiroshi Nakamura) almost 7 years ago
Updated by - Status changed from Open to Assigned
- Assignee set to nahi (Hiroshi Nakamura)
#2
[ruby-core:38496]
Updated by nahi (Hiroshi Nakamura) almost 7 years ago
- Status changed from Assigned to Closed
- Target version changed from 2.0.0 to 1.9.3
Fixed trunk at r32666 and ruby_1_9_3 at r32668. Thanks!
#3
[ruby-core:57251]
Updated by Anonymous over 4 years ago
I'm not concerned about this kind of information, do not send this message
to me
2011/7/25 Hiroshi Nakamura nakahiro@gmail.com
Issue #5046 has been updated by Hiroshi Nakamura.
Status changed from Assigned to Closed
Target version changed from 1.9.x to 1.9.3Fixed trunk at r32666 and ruby_1_9_3 at r32668. Thanks!¶
Bug #5046: Bug with xmlrpc::client, basic auth and long authentication
strings
http://redmine.ruby-lang.org/issues/5046Author: Herwin Weststrate
Status: Closed
Priority: Low
Assignee: Hiroshi Nakamura
Category: lib
Target version: 1.9.3
ruby -v: 1.9.2-p290 (and earlier releases)XMLRPC::Client has support for basic auth. This tries to encode the
combination of the username and password with the base64 algorithm using
Array.pack. If however your username and password exceed a certain
length the truncate algorithm of Array.pack kicks in and adds a newline
character in the result, which creates HTTP headers that are invalid.
lib/xmlrpc/client.rb: Fix possible HTTP header formatting failure by
'Basic' header. Long username caused the base64 String truncation in
HTTP header which is not allowed. See #5046.
test/xmlrpc/test_webrick_server.rb: test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32666 b2dd03c8-39d4-4d8f-98ff-823fe69b080e