From: Mark Wooding <mdw@distorted.org.uk>
Date: Thu, 23 Jan 2014 19:06:06 +0000 (+0000)
Subject: httpauth.py: Don't crash if Base-64 decoding of the CSRF token fails.
X-Git-Tag: 1.0.3~11
X-Git-Url: https://git.distorted.org.uk/~mdw/chopwood/commitdiff_plain/558d2d936e93cf72ca09f9869038cf89883c498c

httpauth.py: Don't crash if Base-64 decoding of the CSRF token fails.
---

diff --git a/httpauth.py b/httpauth.py
index 31e4ca1..739d1df 100644
--- a/httpauth.py
+++ b/httpauth.py
@@ -158,7 +158,10 @@ def hack_octets(s):
 def unhack_octets(s):
   """Reverse the operation done by `hack_octets'."""
   pad = (len(s) + 3)&3 - len(s)
-  return BN.b64decode(s + '='*pad, '+$')
+  try:
+    return BN.b64decode(s + '='*pad, '+$')
+  except TypeError:
+    raise AuthenticationFailed, 'BADNONCE'
 
 def auth_tag(sec, stamp, user):
   """Compute a tag using secret SEC on `STAMP.USER'."""