From 562a6440d1fa334f733a82bd4dbdd417a0e2dc85 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 26 Dec 2010 09:33:04 +0000 Subject: [PATCH] fix for a bug reported by nightman (same as http://bugs.python.org/issue8797) --- lib/core/option.py | 3 ++- lib/request/basicauthhandler.py | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 lib/request/basicauthhandler.py diff --git a/lib/core/option.py b/lib/core/option.py index f9016dd0a..79bbc9035 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -79,6 +79,7 @@ from lib.parse.configfile import configFileParser from lib.parse.payloads import loadPayloads from lib.request.connect import Connect as Request from lib.request.proxy import ProxyHTTPSHandler +from lib.request.basicauthhandler import SmartHTTPBasicAuthHandler from lib.request.certhandler import HTTPSCertAuthHandler from lib.request.rangehandler import HTTPRangeHandler from lib.request.redirecthandler import SmartRedirectHandler @@ -813,7 +814,7 @@ def __setHTTPAuthentication(): passwordMgr.add_password(None, "%s://%s" % (conf.scheme, conf.hostname), authUsername, authPassword) if aTypeLower == "basic": - authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr) + authHandler = SmartHTTPBasicAuthHandler(passwordMgr) elif aTypeLower == "digest": authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr) diff --git a/lib/request/basicauthhandler.py b/lib/request/basicauthhandler.py new file mode 100644 index 000000000..7557ccfde --- /dev/null +++ b/lib/request/basicauthhandler.py @@ -0,0 +1,33 @@ +#!/usr/bin/env python + +""" +$Id$ + +Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/) +See the file 'doc/COPYING' for copying permission +""" + +import urllib2 + +class SmartHTTPBasicAuthHandler(urllib2.HTTPBasicAuthHandler): + """ + Reference: http://selenic.com/hg/rev/6c51a5056020 + Fix for a: http://bugs.python.org/issue8797 + """ + def __init__(self, *args, **kwargs): + urllib2.HTTPBasicAuthHandler.__init__(self, *args, **kwargs) + self.retried_req = None + + def reset_retry_count(self): + # Python 2.6.5 will call this on 401 or 407 errors and thus loop + # forever. We disable reset_retry_count completely and reset in + # http_error_auth_reqed instead. + pass + + def http_error_auth_reqed(self, auth_header, host, req, headers): + # Reset the retry counter once for each request. + if req is not self.retried_req: + self.retried_req = req + self.retried = 0 + return urllib2.HTTPBasicAuthHandler.http_error_auth_reqed( + self, auth_header, host, req, headers)