[Python-Dev] BUG (urllib2) Authentication request header is broken on long usernames and passwords

The Doctor What docwhat+list.python-dev at gerf.org
Mon Oct 9 22:44:39 CEST 2006

I found a bug in urllib2's handling of basic HTTP authentication.

urllib2 uses the base64.encodestring() method to encode the

The problem is that base64.encodestring() adds newlines to wrap the
encoded characters at the 76th column.

This produces bogus request headers like this:
GET /some/url HTTP/1.1
Host: some.host
Accept-Encoding: identity
Authorization: Basic

User-agent: some-agent

This can be worked around by forcing the base64.MAXBINSIZE to
something huge, but really it should be something passed into

# echo example of it wrapping...
# python -c 'import base64; print base64.encodestring("f"*58)'
# excho example of forcing it not to wrap...
# python -c 'import base64; base64.MAXBINSIZE=1000000; print

Symptoms of this bug are receiving HTTP 400 responses from the
remote server, spurious authentication errors, or various parts of
the header "vanishing" (because of the double newline).


** Ridiculous Quotes **
"I want to say this about my state: When Strom Thurmond ran for
president, we voted for him. We're proud of it. And if the rest of
the country had followed our lead, we wouldn't have had all these
problems over all these years, either."
	-- Senate Minority Leader Trent Lott (R-MS), praising Strom
Thurmond's segregationist presidential campaign [12/5/02]

The Doctor What: Second Baseman
docwhat *at* gerf *dot* org

More information about the Python-Dev mailing list