Bug #5046

Bug with xmlrpc::client, basic auth and long authentication strings

Added by Herwin . almost 3 years ago. Updated 7 months ago.

[ruby-core:38164]
Status: Closed
Priority: Low
Assignee: Hiroshi Nakamura
Category: lib
Target version: 1.9.3
ruby -v: 1.9.2-p290 (and earlier releases)
Backport:

Description

XMLRPC::Client has support for basic auth. This tries to encode the
combination of the username and password with the base64 algorithm using
Array.pack. If however your username and password exceed a certain
length the truncate algorithm of Array.pack kicks in and adds a newline
character in the result, which creates HTTP headers that are invalid.
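
The line wrapping described in the report, as an added example in Ruby; it is not part of the original report and is not the code in lib/xmlrpc/client.rb. The helper names, the `chomp` in the wrapped variant and the sample credentials are assumptions made for illustration.

```ruby
# Array#pack("m") produces MIME-style base64: it inserts "\n" after every
# 60 output characters (45 input bytes) and appends one at the end.
# Hypothetical helper reproducing the pattern the report describes; the
# trailing newline is stripped here (assumption), the interior ones remain.
def basic_auth_wrapped(user, password)
  "Basic " + ["#{user}:#{password}"].pack("m").chomp
end

# pack("m0") (Ruby 1.9+) emits the same base64 with no line feeds at all.
def basic_auth_unwrapped(user, password)
  "Basic " + ["#{user}:#{password}"].pack("m0")
end

# An HTTP header value must not contain CR or LF; a check like this can be
# applied to any value built from user-controlled or variable-length input.
def valid_header_value?(value)
  (value =~ /[\r\n]/).nil?
end

# What a line-oriented HTTP parser would see for the Authorization header.
def wire_lines(value)
  "Authorization: #{value}".split(/\r?\n/)
end

if __FILE__ == $0
  # Constructed sample credentials: 45 bytes fits on one base64 line,
  # 46 bytes is the first length that wraps.
  [["u" * 30, "p" * 14], ["u" * 30, "p" * 15]].each do |user, pass|
    wrapped   = basic_auth_wrapped(user, pass)
    unwrapped = basic_auth_unwrapped(user, pass)
    len = "#{user}:#{pass}".bytesize
    puts "#{len} bytes: wrapped valid=#{valid_header_value?(wrapped)} " \
         "(#{wire_lines(wrapped).size} line(s)), " \
         "unwrapped valid=#{valid_header_value?(unwrapped)}"
  end
end
```
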

Associated revisions

Revision 32666
Added by Hiroshi Nakamura over 2 years ago

  • lib/xmlrpc/client.rb: Fix possible HTTP header formatting failure by
    'Basic' header. Long username caused the base64 String truncation in
    HTTP header which is not allowed. See #5046.

  • test/xmlrpc/testwebrickserver.rb: test it.

History

#1 Updated by Hiroshi Nakamura over 2 years ago

  • Status changed from Open to Assigned
  • Assignee set to Hiroshi Nakamura

#2 Updated by Hiroshi Nakamura over 2 years ago

  • Status changed from Assigned to Closed
  • Target version changed from 2.0.0 to 1.9.3

Fixed trunk at r32666 and ruby19_3 at r32668. Thanks!

#3 Updated by Anonymous 7 months ago

I'm not concerned about this kind of information, do not send this message
to me

2011/7/25 Hiroshi Nakamura nakahiro@gmail.com

Issue #5046 has been updated by Hiroshi Nakamura.

Status changed from Assigned to Closed
Target version changed from 1.9.x to 1.9.3

Fixed trunk at r32666 and ruby19_3 at r32668. Thanks!

Bug #5046: Bug with xmlrpc::client, basic auth and long authentication
strings
http://redmine.ruby-lang.org/issues/5046

Author: Herwin Weststrate
Status: Closed
Priority: Low
Assignee: Hiroshi Nakamura
Category: lib
Target version: 1.9.3
ruby -v: 1.9.2-p290 (and earlier releases)

XMLRPC::Client has support for basic auth. This tries to encode the
combination of the username and password with the base64 algorithm using
Array.pack. If however your username and password exceed a certain
length the truncate algorithm of Array.pack kicks in and adds a newline
character in the result, which creates HTTP headers that are invalid.

http://redmine.ruby-lang.org
