Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Loss of system date information can cause itsdangerous crash. #102

Closed
jifanchn opened this issue Aug 21, 2018 · 3 comments
Closed

Loss of system date information can cause itsdangerous crash. #102

jifanchn opened this issue Aug 21, 2018 · 3 comments

Comments

@jifanchn
Copy link

Flask and itsdangerous crash in an embedded system.

Traceback (most recent call last):
  File "/opt/local/lib/python3.5/site-packages/Flask-0.12.1-py3.5.egg/flask/app.py", line 1982, in wsgi_app
	response = self.full_dispatch_request()
  File "/opt/local/lib/python3.5/site-packages/Flask-0.12.1-py3.5.egg/flask/app.py", line 1615, in full_dispatch_request
	return self.finalize_request(rv)
  File "/opt/local/lib/python3.5/site-packages/Flask-0.12.1-py3.5.egg/flask/app.py", line 1632, in finalize_request
	response = self.process_response(response)
  File "/opt/local/lib/python3.5/site-packages/Flask-0.12.1-py3.5.egg/flask/app.py", line 1858, in process_response
	self.save_session(ctx.session, response)
  File "/opt/local/lib/python3.5/site-packages/Flask-0.12.1-py3.5.egg/flask/app.py", line 924, in save_session
	return self.session_interface.save_session(self, session, response)
  File "/opt/local/lib/python3.5/site-packages/Flask-0.12.1-py3.5.egg/flask/sessions.py", line 363, in save_session
	val = self.get_signing_serializer(app).dumps(dict(session))
  File "/opt/local/lib/python3.5/site-packages/itsdangerous-0.24-py3.5.egg/itsdangerous.py", line 566, in dumps
	rv = self.make_signer(salt).sign(payload)
  File "/opt/local/lib/python3.5/site-packages/itsdangerous-0.24-py3.5.egg/itsdangerous.py", line 409, in sign
	timestamp = base64_encode(int_to_bytes(self.get_timestamp()))
  File "/opt/local/lib/python3.5/site-packages/itsdangerous-0.24-py3.5.egg/itsdangerous.py", line 220, in int_to_bytes
	assert num >= 0
AssertionError

I think this is because date is lost in this system

date
zynq> date
Fri Aug 14 19:25:11 UTC 2009

which causes

def get_timestamp(self):
    """Returns the current timestamp.  This implementation returns the
    seconds since 1/1/2011.  The function must return an integer.
    """
    return int(time.time() - EPOCH)

returns some wrong information (time < 0) and

def int_to_bytes(num):
    assert num >= 0
    rv = []
    while num:
        rv.append(int_to_byte(num & 0xff))
        num >>= 8
    return b''.join(reversed(rv))

assert num >= 0 (which is < 0) failed.

After doing,

zynq> date -s "2018-08-21 15:15:00"
Tue Aug 21 15:15:00 UTC 2018

everything works.
@untitaker
Copy link
Contributor

We can provide a nicer error message but it'sdangerous should still throw an exception

@jifanchn
Copy link
Author

thanks, it's much better.

@davidism
Copy link
Member

Fixed in #46, which removes the epoch adjustment.

@davidism davidism modified the milestone: 1.0.0 Sep 28, 2018
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 9, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@untitaker @davidism @jifanchn