Ticket #21 (closed defect: wontfix)

Opened 1 year ago

Last modified 1 year ago

crash with empty parameters in oidutil.appendArgs

Reported by: http://keturn.myopenid.com/ Assigned to:
Priority: major Milestone:
Keywords: appendArgs Cc:
Project: python-openid OpenID Protocol: All versions
Series: All Web Browser:

Description

From: Ryan Barrett Cc: Anton Romanov Subject: small crash fix patch against 2.0.0rc2

hi guys! here's a fix that prevents crashes when there are empty URL parameters. i was seeing the crashes in the openid server code, using the example consumer in with 2.0.0rc2.

thanks to antom romanov, cc'ed, for pointing me to the problem. anton, you'll want to apply this fix instead of just commenting out the encoding lines.

the patch is against 2.0.0rc2, but oidutil.py in darcs head hasn't really changed at all since then, so it should still apply cleanly. 

diff -rc python-openid-2.0.0-rc2.orig/openid/oidutil.py 
python-openid-2.0.0-rc2/openid/oidutil.py
*** python-openid-2.0.0-rc2.orig/openid/oidutil.py      Tue Apr  3 14:56:14 
2007
--- python-openid-2.0.0-rc2/openid/oidutil.py   Thu Sep  6 02:54:01 2007
***************
*** 100,109 ****
       # about the encodings of plain bytes (str).
       i = 0
       for k, v in args:
!         if type(k) is not str:
               k = k.encode('UTF-8')

!         if type(v) is not str:
               v = v.encode('UTF-8')

           args[i] = (k, v)
--- 100,109 ----
       # about the encodings of plain bytes (str).
       i = 0
       for k, v in args:
!         if k and isinstance(k, unicode):
               k = k.encode('UTF-8')

!         if v and isinstance(v, unicode):
               v = v.encode('UTF-8')

           args[i] = (k, v)

Change History

09/07/07 09:46:26 changed by http://snarfed.org/openid

update:

From openid@ryanb.org Fri Sep 7 09:43:20 2007

Date: Fri, 7 Sep 2007 09:43:19 -0700 (PDT)
From: Ryan Barrett <openid@ryanb.org>
To: discuss OpenID libraries and development <dev@lists.openidenabled.com>
Subject: Re: patch: small crash fix for python 2.0.0rc2 library (fwd)

On Thu, 6 Sep 2007, Kevin Turner wrote:

How is this being triggered? Under what conditions are empty URL parameters valid input to this function? And presumably by "empty" you do not mean the empty string, but None? The documentation specifies a type of {str: str}, and I'm trying to determine if there's a compelling case for None to be valid input at all.

sure, that's reasonable. if you leave it as is, though, you'll need to change its callers to check for None URL params. that's probably more trouble than making appendArgs handle them gracefully.

anyway, here's the warning message and stacktrace i saw, if it helps: 

seqToKV warning: Converting value to string: None: [('assoc_handle',
u'{HMAC-SHA1}{46dfc90e}{RvtCKg==}'), ('ext0.fullname', 'Ryan Barrett'),
('ext0.nickname', 'ryan'), ('identity', 'http://localhost/openid'), ('mode',
'id_res'), ('ns.ext0', 'http://openid.net/sreg/1.0'), ('op_endpoint',None),
('response_nonce', '2007-09-06T09:35:29ZouYrBe'), ('return_to',
'http://localhost:8001/process?janrain_nonce=2007-09-06T09%3A33%3A54ZzKLx6R'
), ('signed',
'assoc_handle,ext0.fullname,ext0.nickname,identity,mode,ns.ext0,op_endpoint,
response_nonce,return_to,signed')]

Traceback (most recent call last):
  File "wsgiref/handlers.py", line 92, in run
  File "/home/ryanb/pyblosxom-svn/pyblosxom/Pyblosxom/pyblosxom.py", line
480, in __call__
    p.run()
  File "/home/ryanb/pyblosxom-svn/pyblosxom/Pyblosxom/pyblosxom.py", line
194, in run
    donefunc=lambda x:x)
  File "/home/ryanb/pyblosxom-svn/pyblosxom/Pyblosxom/tools.py", line 754,
in run_callback
    output = func(input)
  File "/home/ryanb/src/pyblosxom/plugins/openid_server.py", line 287, in
cb_handle
    return respond(request, oidrequest.answer(True))
  File "/home/ryanb/src/pyblosxom/plugins/openid_server.py", line 183, in
respond
    webresponse = oidserver.encodeResponse(oidresponse)
  File
"/home/ryanb/src/pyblosxom/plugins/openid_libs_2.zip/openid/server/server.py
", line 1464, in encodeResponse
    return self.encoder.encode(response)
  File
"/home/ryanb/src/pyblosxom/plugins/openid_libs_2.zip/openid/server/server.py
", line 1232, in encode
    return super(SigningEncoder, self).encode(response)
  File
"/home/ryanb/src/pyblosxom/plugins/openid_libs_2.zip/openid/server/server.py
", line 1188, in encode
    location = response.encodeToURL()
  File
"/home/ryanb/src/pyblosxom/plugins/openid_libs_2.zip/openid/server/server.py
", line 930, in encodeToURL
    return self.fields.toURL(self.request.return_to)
  File
"/home/ryanb/src/pyblosxom/plugins/openid_libs_2.zip/openid/message.py",
line 324, in toURL
    return oidutil.appendArgs(base_url, self.toPostArgs())
  File
"/home/ryanb/src/pyblosxom/plugins/openid_libs_2.zip/openid/oidutil.py",
line 107, in appendArgs
    v = v.encode('UTF-8')
AttributeError: 'NoneType' object has no attribute 'encode'

-Ryan

-- http://snarfed.org/

09/07/07 13:27:51 changed by http://keturn.myopenid.com/

  • status changed from new to closed.
  • resolution set to wontfix.

the real bug was elsewhere, see #24 and #25.