[issue45572] urllib.request:AttributeError: 'dict' object has no attribute 'get_all' in http_error_auth_reqed function

Fri, 22 Oct 2021 06:36:10 -0700 


New submission from tongxiaoge <shixuant...@huawei.com>:

The python version I currently use in my development environment is 3.7.4. 
Using the following script, the program has never output, and seems to have 
entered an infinite loop.

To reproduce the issue we can use the following code:

from urllib.request import AbstractBasicAuthHandler
auth_handler = AbstractBasicAuthHandler()
header = {'www-authenticate': 'Basic ' + ',' * 64 + ' ' + 'foo' + ' ' +'realm'}
auth_handler.http_error_auth_reqed('www-authenticate','unused','unused',header)




So I tried to upgrade it to version 3.7.12, and the program will directly 
report an error. The information is as follows:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.7/urllib/request.py", line 990, in 
http_error_auth_reqed
    headers = headers.get_all(authreq)
AttributeError: 'dict' object has no attribute 'get_all'

This problem also exists when I upgrade Python 3 to 3.11.0a1. In Python version 
3.7.4, the cause of program hang on seems to be a security vulnerability. Refer 
to https://bugs.python.org/issue39503. The reason for CVE is not the wrong type 
of headers. However, after repairing CVE, it seems that the type of headers is 
limited? For the CVE patch, I tried to only fix the part of the regular 
expression, and the program can run. So, after repairing CVE-2020-8492, what 
type should the headers parameter be for http_error_auth_reqed  function? Based 
on the current code, how should I adapt and modify it to make it run normally?

----------
components: Library (Lib)
files: 3.7.4 hang on.png
messages: 404767
nosy: sxt1001
priority: normal
severity: normal
status: open
title: urllib.request:AttributeError: 'dict' object has no attribute 'get_all' 
in http_error_auth_reqed function
type: behavior
versions: Python 3.10, Python 3.11, Python 3.7, Python 3.8, Python 3.9
Added file: https://bugs.python.org/file50386/3.7.4 hang on.png

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue45572>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to