[issue32958] Urllib proxy_bypass crashes for urls containing long basic auth strings

Mon, 26 Feb 2018 11:55:27 -0800 

New submission from Aaron Black <aaron.bl...@jpl.nasa.gov>:

While working on a custom conda channel with authentication, I ran into the 
following UnicodeError:

Traceback (most recent call last):
  File 
"/Users/ablack/miniconda3/lib/python3.6/site-packages/conda/core/repodata.py", 
line 402, in fetch_repodata_remote_request
    timeout=timeout)
  File 
"/Users/ablack/miniconda3/lib/python3.6/site-packages/requests/sessions.py", 
line 521, in get
    return self.request('GET', url, **kwargs)
  File 
"/Users/ablack/miniconda3/lib/python3.6/site-packages/requests/sessions.py", 
line 499, in request
    prep.url, proxies, stream, verify, cert
  File 
"/Users/ablack/miniconda3/lib/python3.6/site-packages/requests/sessions.py", 
line 672, in merge_environment_settings
    env_proxies = get_environ_proxies(url, no_proxy=no_proxy)
  File 
"/Users/ablack/miniconda3/lib/python3.6/site-packages/requests/utils.py", line 
692, in get_environ_proxies
    if should_bypass_proxies(url, no_proxy=no_proxy):
  File 
"/Users/ablack/miniconda3/lib/python3.6/site-packages/requests/utils.py", line 
676, in should_bypass_proxies
    bypass = proxy_bypass(netloc)
  File "/Users/ablack/miniconda3/lib/python3.6/urllib/request.py", line 2612, 
in proxy_bypass
    return proxy_bypass_macosx_sysconf(host)
  File "/Users/ablack/miniconda3/lib/python3.6/urllib/request.py", line 2589, 
in proxy_bypass_macosx_sysconf
    return _proxy_bypass_macosx_sysconf(host, proxy_settings)
  File "/Users/ablack/miniconda3/lib/python3.6/urllib/request.py", line 2562, 
in _proxy_bypass_macosx_sysconf
    hostIP = socket.gethostbyname(hostonly)
UnicodeError: encoding with 'idna' codec failed (UnicodeError: label empty or 
too long)

The error can be consistently reproduced when the first substring of the url 
hostname is greater than 64 characters long, as in 
"0123456789012345678901234567890123456789012345678901234567890123.example.com". 
This wouldn't be a problem, except that it doesn't seem to separate out 
credentials from the first substring of the hostname so the entire 
"[user]:[secret]@XXX" section must be less than 65 characters long. This is 
problematic for services that use longer API keys and expect their submission 
over basic auth.

----------
components: Library (Lib)
messages: 312947
nosy: ablack
priority: normal
severity: normal
status: open
title: Urllib proxy_bypass crashes for urls containing long basic auth strings
type: crash
versions: Python 3.6

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32958>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to