From 558d2d936e93cf72ca09f9869038cf89883c498c Mon Sep 17 00:00:00 2001
Message-Id: <558d2d936e93cf72ca09f9869038cf89883c498c.1714996486.git.mdw@distorted.org.uk>
From: Mark Wooding
Date: Thu, 23 Jan 2014 19:06:06 +0000
Subject: [PATCH] httpauth.py: Don't crash if Base-64 decoding of the CSRF token fails.
Organization: Straylight/Edgeware
From: Mark Wooding
---
 httpauth.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/httpauth.py b/httpauth.py
index 31e4ca1..739d1df 100644
--- a/httpauth.py
+++ b/httpauth.py
@@ -158,7 +158,10 @@ def hack_octets(s):
 def unhack_octets(s):
 """Reverse the operation done by `hack_octets'."""
 pad = (len(s) + 3)&3 - len(s)
- return BN.b64decode(s + '='*pad, '+$')
+ try:
+ return BN.b64decode(s + '='*pad, '+$')
+ except TypeError:
+ raise AuthenticationFailed, 'BADNONCE'
 def auth_tag(sec, stamp, user):
 """Compute a tag using secret SEC on `STAMP.USER'."""
-- 
[mdw]
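Review bot: The padding expression on the context line `pad = (len(s) + 3)&3 - len(s)` does not round up to a multiple of four, and the new `try` now hides the consequences. In Python `-` binds tighter than `&`, so it evaluates as `(len(s) + 3) & (3 - len(s))`, which gives 7 for a 4-character input and 0 for a 3-character one rather than 0 and 1. With this commit any decode error caused by that is reported as `BADNONCE`, so a padding miscalculation would look like a bad token from the client instead of surfacing as a bug. If rounding up to a multiple of four is what was meant, `pad = -len(s) & 3` does that. A short comment on the `except TypeError:` line would also help, noting that Python 2's `b64decode` reports malformed input as `TypeError`.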