Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A too short or too long URL results in 500 error. Should be a 404. #41

Open
atoponce opened this issue Aug 25, 2014 · 3 comments
Open

A too short or too long URL results in 500 error. Should be a 404. #41

atoponce opened this issue Aug 25, 2014 · 3 comments
Labels
bug

Comments

@atoponce
Copy link
Owner

Suppose the link to your secret note is https://ae7.st/d/pAJj58F5ozdoEz_w-fEBdw. If there is a typo in the link, such as https://ae7.st/d/pAJj58F5ozdoEz_w-fEBdW, it properly gives a 404. However, if the URL ID is too short, such as https://ae7.st/d/pAJj58F5ozdoEz_w-fEBd or too long such as https://ae7.st/d/pAJj58F5ozdoEz_w-fEBdwwww, it gives a 500 error. It should properly raise a 404, if the URL does not exist, regardless of length.
@atoponce atoponce added the bug label Aug 25, 2014
@JackZielke
Copy link

This also occurs when search engines try to load robots.txt

66.249.64.24 - - [26/Jan/2015:16:12:23 -0500] "GET /robots.txt HTTP/1.1" 500 5474 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.64.28 - - [26/Jan/2015:16:12:58 -0500] "GET /robots.txt HTTP/1.1" 500 5474 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

@Thijssss
Copy link

Thijssss commented Jan 9, 2017

I ran in to this same issue. Apache cannot overwrite the DocumentError for WSGI unless its running as a deamon. I figured I would just patch it locally for now to get around the issue all together. I used a random word which works OK to get back a regular error message:

--- /linux/d-note-master/dnote/note.py  2015-10-29 21:16:22.000000000 +0100
+++ note.py     2017-01-09 11:51:28.030837067 +0100
@@ -108,8 +108,14 @@

         self.url = url
         url = url + "==" # add the padding back
-        self.nonce = base64.urlsafe_b64decode(url.encode("utf-8"))
-        self.f_key = KDF.PBKDF2(
+
+        try:
+               self.nonce = base64.urlsafe_b64decode(url.encode("utf-8"))
+       except:
+               url = "errormessage=="
+               self.nonce = base64.urlsafe_b64decode(url.encode("utf-8"))
+
+       self.f_key = KDF.PBKDF2(
             self.nonce, dconfig.nonce_salt.decode("hex"), 16)
         self.aes_key = KDF.PBKDF2(
             self.nonce, dconfig.aes_salt.decode("hex"), 32)

@JackZielke
Copy link

I went with a different route but you still end up with normal looking 404s.

Date:   Tue Mar 8 17:49:03 2016 -0500

    404 instead of 500 on incorrect note lengths

diff --git a/dnote/note.py b/dnote/note.py
index 6bb3387..b54d5eb 100644
--- a/dnote/note.py
+++ b/dnote/note.py
@@ -106,6 +106,8 @@ class Note(object):
         keyword arguments:
         url -- the url after the FQDN provided by the client"""
 
+        if len(url) != 22:
+            return
         self.url = url
         url = url + "==" # add the padding back
         self.nonce = base64.urlsafe_b64decode(url.encode("utf-8"))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@atoponce @JackZielke @Thijssss