Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid format of AUTHENTICATE message #1974

Closed
progval opened this issue Oct 31, 2020 · 2 comments · Fixed by #1976
Closed

Invalid format of AUTHENTICATE message #1974

progval opened this issue Oct 31, 2020 · 2 comments · Fixed by #1976
Assignees
@Exirel
Labels
Bug Things to squish; generally used for issues High Priority
Milestone
7.1.0

Comments

@progval
Copy link

progval commented Oct 31, 2020
edited
Loading

Description

Sopel uses a literal \0 instead of the null byte in AUTHENTICATE payloads.

Reproduction steps

  1. use this config:
auth_username = jilles
auth_password = sesame
auth_method = sasl

Sopel will then send this to the server:

AUTHENTICATE amlsbGVzXDBqaWxsZXNcMHNlc2FtZQ==

Expected behavior

It should send this:

AUTHENTICATE amlsbGVzAGppbGxlcwBzZXNhbWU=

base64-decoded, they can be represented as Python literals like this, respectively: "jilles\\0jilles\\0sesame" and "jilles\0jilles\0sesame".

Environment

  • Sopel .version: master
  • Sopel installed via: setup.py install

This is because of this change: https://github.com/sopel-irc/sopel/pull/1928/files#diff-a3d2e4c9269312d687f6dbab17168611fd71629ef36b099985b9ba4bd293c853R838

this is equivalent to replacing "\0" with "\\0".

I'm guessing this was to fix some sort of lint warning, but it also changes the behavior. Instead, you should probably use a bytes object.
@progval progval added the Bug Things to squish; generally used for issues label Oct 31, 2020
@progval progval mentioned this issue Oct 31, 2020
Closed
@Exirel
Copy link
Contributor

Exirel commented Oct 31, 2020

Nice catch!

@Exirel Exirel self-assigned this Oct 31, 2020
@Exirel Exirel added this to the 7.1.0 milestone Oct 31, 2020
@Exirel Exirel mentioned this issue Oct 31, 2020
Merged
4 tasks
@Exirel
Copy link
Contributor

Exirel commented Oct 31, 2020

Should be fixed by #1976, thank you again @progval for the bug report!

@dgw dgw closed this as completed in #1976 Oct 31, 2020
@dgw dgw mentioned this issue Oct 31, 2020
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Exirel Exirel

Labels
Bug Things to squish; generally used for issues High Priority
Projects
None yet
Milestone
7.1.0
Development

Successfully merging a pull request may close this issue.

core: fix invalid usage of r-string for SASL auth token Exirel/sopel
2 participants
@progval @Exirel