[New-bugs-announce] [issue32958] Urllib proxy_bypass crashes for urls containing long basic auth strings
Aaron Black
report at bugs.python.org
Mon Feb 26 14:52:35 EST 2018
New submission from Aaron Black <aaron.black at jpl.nasa.gov>:
While working on a custom conda channel with authentication, I ran into the following UnicodeError:
Traceback (most recent call last):
File "/Users/ablack/miniconda3/lib/python3.6/site-packages/conda/core/repodata.py", line 402, in fetch_repodata_remote_request
timeout=timeout)
File "/Users/ablack/miniconda3/lib/python3.6/site-packages/requests/sessions.py", line 521, in get
return self.request('GET', url, **kwargs)
File "/Users/ablack/miniconda3/lib/python3.6/site-packages/requests/sessions.py", line 499, in request
prep.url, proxies, stream, verify, cert
File "/Users/ablack/miniconda3/lib/python3.6/site-packages/requests/sessions.py", line 672, in merge_environment_settings
env_proxies = get_environ_proxies(url, no_proxy=no_proxy)
File "/Users/ablack/miniconda3/lib/python3.6/site-packages/requests/utils.py", line 692, in get_environ_proxies
if should_bypass_proxies(url, no_proxy=no_proxy):
File "/Users/ablack/miniconda3/lib/python3.6/site-packages/requests/utils.py", line 676, in should_bypass_proxies
bypass = proxy_bypass(netloc)
File "/Users/ablack/miniconda3/lib/python3.6/urllib/request.py", line 2612, in proxy_bypass
return proxy_bypass_macosx_sysconf(host)
File "/Users/ablack/miniconda3/lib/python3.6/urllib/request.py", line 2589, in proxy_bypass_macosx_sysconf
return _proxy_bypass_macosx_sysconf(host, proxy_settings)
File "/Users/ablack/miniconda3/lib/python3.6/urllib/request.py", line 2562, in _proxy_bypass_macosx_sysconf
hostIP = socket.gethostbyname(hostonly)
UnicodeError: encoding with 'idna' codec failed (UnicodeError: label empty or too long)
The error can be consistently reproduced when the first substring of the url hostname is greater than 64 characters long, as in "0123456789012345678901234567890123456789012345678901234567890123.example.com". This wouldn't be a problem, except that it doesn't seem to separate out credentials from the first substring of the hostname so the entire "[user]:[secret]@XXX" section must be less than 65 characters long. This is problematic for services that use longer API keys and expect their submission over basic auth.
----------
components: Library (Lib)
messages: 312947
nosy: ablack
priority: normal
severity: normal
status: open
title: Urllib proxy_bypass crashes for urls containing long basic auth strings
type: crash
versions: Python 3.6
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue32958>
_______________________________________
More information about the New-bugs-announce
mailing list