authorization parsing should catch base64 errors #2717

Closed
ckoehn opened this issue Jun 2, 2023 · 1 comment

ckoehn commented Jun 2, 2023

Steps to reproduce

>>> from werkzeug.datastructures import Authorization
>>> Authorization.from_header("Basic foo")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/private/tmp/.venv/lib/python3.11/site-packages/werkzeug/datastructures/auth.py", line 109, in from_header
    username, _, password = base64.b64decode(rest).decode().partition(":")
                            ^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/python@3.11/3.11.3/Frameworks/Python.framework/Versions/3.11/lib/python3.11/base64.py", line 88, in b64decode
    return binascii.a2b_base64(s, strict_mode=validate)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
binascii.Error: Incorrect padding

Expected behavior

I would expect Werkzeug to handle this situation and return None.

Environment

  • Python version: 3.11.3
  • Werkzeug version: 2.3.4
@davidism davidism changed the title from "Basic authorization parsing" to "authorization parsing should catch base64 errors" Jun 2, 2023

davidism commented Jun 2, 2023

I've updated the title to describe the actual issue you're asking to fix. Happy to review a PR.

@davidism davidism added this to the 2.3.5 milestone Jun 2, 2023
@davidism davidism closed this as completed Jun 2, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 17, 2023
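
An added example, not Werkzeug's code or its fix: a standalone standard-library parser showing the behaviour the issue asks for, where malformed Basic credentials yield None instead of an exception reaching the caller. The names `parse_basic_authorization`, `make_header` and `status_for`, the sample credentials, and the choice to reject values without a ":" are assumptions of this example.

```python
import base64
import binascii
from typing import Optional, Tuple


def parse_basic_authorization(value: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (username, password) from a Basic Authorization header value,
    or None when it is absent, uses another scheme, or is malformed."""
    if not value:
        return None
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently discarding them.
        decoded = base64.b64decode(rest.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        # binascii.Error: bad padding or alphabet (the "Basic foo" case).
        # UnicodeDecodeError: well-formed base64 that is not UTF-8 text.
        # ValueError: non-ASCII characters in the header value itself.
        return None
    username, sep, password = decoded.partition(":")
    if not sep:
        # Assumption of this example: credentials without ":" are rejected.
        return None
    return username, password


def make_header(raw: bytes) -> str:
    """Hypothetical helper that builds constructed sample header values."""
    return "Basic " + base64.b64encode(raw).decode("ascii")


def status_for(headers: dict) -> int:
    """Hypothetical handler: malformed credentials are treated like missing
    ones (401) rather than surfacing as an unhandled exception (500)."""
    creds = parse_basic_authorization(headers.get("Authorization"))
    return 200 if creds == ("alice", "s3cret") else 401  # constructed account


if __name__ == "__main__":
    # Constructed inputs: valid, bad padding, bad alphabet, non-UTF-8, no colon.
    for sample in (make_header(b"alice:s3cret"), "Basic foo", "Basic Zm9v!!!!",
                   make_header(b"\xff\xfe:x"), make_header(b"nocolon"), "Bearer abc"):
        print(repr(sample), "->", parse_basic_authorization(sample))
```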