M2Crypto, if imported, globally monkeypatches urllib in incompatible manner (no error handling)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
m2crypto (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
The file:
/usr/
ends with the following snippet (where URLOpener is result of "from urrlib import *")
# Minor brain surgery.
URLopener.
This globally replaces urrlib.
The critical difference is in (lack of) error handling. While standard urllib version ends with analysis of reply status and calls to self.http_error (which further calls methods like http_error_401 and in the end for example handles authorization errors), M2Crypto version blindly returns obtained payload whatever the status is. Final part of M2Crypto's open_https is:
resp = h.getresponse()
fp = resp.fp
return addinfourl(fp, resp.msg, "https:" + url)
while urllib ends with
errcode, errmsg, headers = h.getreply()
# … and plenty of lines follow where addinfourl is used only if 200 <= errcode < 300,
# otherwise self.http_error is called to handle the error
(there are also differences in preparation phase, I didn't analyse them)
~~~~~~~~~~
In my practice I have an app which subclasses urllib.
¹ For curious: I got M2Crypto in process because keyring library (which I actually use) for some reason imported keyrings.alt.Google (which I don't use but keyring iterates over available backends and attempts to import them all) which imported gdata which imported gdata.tlslite which imported M2Crypto.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: python-m2crypto 0.27.0-5
ProcVersionSign
Uname: Linux 4.15.0-
NonfreeKernelMo
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
CurrentDesktop: KDE
Date: Wed Sep 4 11:52:39 2019
EcryptfsInUse: Yes
InstallationDate: Installed on 2013-02-18 (2389 days ago)
InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120817.3)
SourcePackage: m2crypto
UpgradeStatus: Upgraded to bionic on 2018-04-11 (511 days ago)