chiark / gitweb /
httpauth.py: Don't crash if Base-64 decoding of the CSRF token fails.
authorMark Wooding <mdw@distorted.org.uk>
Thu, 23 Jan 2014 19:06:06 +0000 (19:06 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Thu, 23 Jan 2014 19:08:50 +0000 (19:08 +0000)
httpauth.py

index 31e4ca1..739d1df 100644 (file)
@@ -158,7 +158,10 @@ def hack_octets(s):
 def unhack_octets(s):
   """Reverse the operation done by `hack_octets'."""
   pad = (len(s) + 3)&3 - len(s)
-  return BN.b64decode(s + '='*pad, '+$')
+  try:
+    return BN.b64decode(s + '='*pad, '+$')
+  except TypeError:
+    raise AuthenticationFailed, 'BADNONCE'
 
 def auth_tag(sec, stamp, user):
   """Compute a tag using secret SEC on `STAMP.USER'."""