[GH-ISSUE #319] incorrect padding for binascii.a2b_base64 #249

Closed
opened 2026-02-26 09:36:55 +03:00 by kerem · 4 comments
Owner

Originally created by @ThomasWaldmann on GitHub (Jun 20, 2017).
Original GitHub issue: https://github.com/nsupdate-info/nsupdate.info/issues/319

Originally assigned to: @ThomasWaldmann on GitHub.

Internal Server Error: /domain/1169/
Traceback (most recent call last):
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/views/generic/base.py", line 71, in view
    return self.dispatch(request, *args, **kwargs)
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/utils/decorators.py", line 34, in _wrapper
    return bound_func(*args, **kwargs)
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/contrib/auth/decorators.py", line 22, in _wrapped_view
    return view_func(request, *args, **kwargs)
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/utils/decorators.py", line 30, in bound_func
    return func.__get__(self, type(self))(*args2, **kwargs2)
  File "/srv/nsupdate.info/repo/nsupdate/main/views.py", line 469, in dispatch
    return super(DomainView, self).dispatch(*args, **kwargs)
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/views/generic/base.py", line 89, in dispatch
    return handler(request, *args, **kwargs)
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/views/generic/edit.py", line 272, in post
    return super(BaseUpdateView, self).post(request, *args, **kwargs)
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/views/generic/edit.py", line 214, in post
    if form.is_valid():
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/forms/forms.py", line 184, in is_valid
    return self.is_bound and not self.errors
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/forms/forms.py", line 176, in errors
    self.full_clean()
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/forms/forms.py", line 393, in full_clean
    self._clean_form()
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/forms/forms.py", line 417, in _clean_form
    cleaned_data = self.clean()
  File "/srv/nsupdate.info/repo/nsupdate/main/forms.py", line 71, in clean
    check_domain(self.instance.name)
  File "/srv/nsupdate.info/repo/nsupdate/main/dnstools.py", line 117, in check_domain
    add(fqdn, socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff))))
  File "/srv/nsupdate.info/repo/nsupdate/main/dnstools.py", line 155, in add
    update_ns(fqdn, rdtype, ipaddr, action=action, ttl=ttl)
  File "/srv/nsupdate.info/repo/nsupdate/main/dnstools.py", line 335, in update_ns
    keyring=dns.tsigkeyring.from_text({keyname: key}),
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/dns/tsigkeyring.py", line 33, in from_text
    secret = base64.decodestring(maybe_encode(textring[keytext]))
  File "/usr/lib/python2.7/base64.py", line 321, in decodestring
    return binascii.a2b_base64(s)
Error: Incorrect padding
Originally created by @ThomasWaldmann on GitHub (Jun 20, 2017). Original GitHub issue: https://github.com/nsupdate-info/nsupdate.info/issues/319 Originally assigned to: @ThomasWaldmann on GitHub. ``` Internal Server Error: /domain/1169/ Traceback (most recent call last): File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 132, in get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/views/generic/base.py", line 71, in view return self.dispatch(request, *args, **kwargs) File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/utils/decorators.py", line 34, in _wrapper return bound_func(*args, **kwargs) File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/contrib/auth/decorators.py", line 22, in _wrapped_view return view_func(request, *args, **kwargs) File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/utils/decorators.py", line 30, in bound_func return func.__get__(self, type(self))(*args2, **kwargs2) File "/srv/nsupdate.info/repo/nsupdate/main/views.py", line 469, in dispatch return super(DomainView, self).dispatch(*args, **kwargs) File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/views/generic/base.py", line 89, in dispatch return handler(request, *args, **kwargs) File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/views/generic/edit.py", line 272, in post return super(BaseUpdateView, self).post(request, *args, **kwargs) File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/views/generic/edit.py", line 214, in post if form.is_valid(): File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/forms/forms.py", line 184, in is_valid return self.is_bound and not self.errors File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/forms/forms.py", line 176, in errors self.full_clean() File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/forms/forms.py", line 393, in full_clean self._clean_form() File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/forms/forms.py", line 417, in _clean_form cleaned_data = self.clean() File "/srv/nsupdate.info/repo/nsupdate/main/forms.py", line 71, in clean check_domain(self.instance.name) File "/srv/nsupdate.info/repo/nsupdate/main/dnstools.py", line 117, in check_domain add(fqdn, socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff)))) File "/srv/nsupdate.info/repo/nsupdate/main/dnstools.py", line 155, in add update_ns(fqdn, rdtype, ipaddr, action=action, ttl=ttl) File "/srv/nsupdate.info/repo/nsupdate/main/dnstools.py", line 335, in update_ns keyring=dns.tsigkeyring.from_text({keyname: key}), File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/dns/tsigkeyring.py", line 33, in from_text secret = base64.decodestring(maybe_encode(textring[keytext])) File "/usr/lib/python2.7/base64.py", line 321, in decodestring return binascii.a2b_base64(s) Error: Incorrect padding ```
kerem closed this issue 2026-02-26 09:36:55 +03:00
Author
Owner

@DanielO commented on GitHub (Apr 12, 2018):

I had this, the secret is too long for the field and gets truncated.

--- ./nsupdate/main/models.py.orig      2018-04-12 13:33:26.221719000 +0000
+++ ./nsupdate/main/models.py   2018-04-12 13:33:35.901131000 +0000
@@ -99,7 +99,7 @@
         help_text=_("IP where DNS queries for this zone will be sent to"))
     nameserver_update_secret = models.CharField(
         _("nameserver update secret"),
-        max_length=88,  # 512 bits base64 -> 88 bytes
+        max_length=90,  # 512 bits base64
         default='',
         help_text=_("Shared secret that allows updating this zone (base64 encoded)"))
     nameserver_update_algorithm = models.CharField(

Although after this patch it complains it can't set/delete connectivity-test.mydomain :(

<!-- gh-comment-id:380808497 --> @DanielO commented on GitHub (Apr 12, 2018): I had this, the secret is too long for the field and gets truncated. ``` --- ./nsupdate/main/models.py.orig 2018-04-12 13:33:26.221719000 +0000 +++ ./nsupdate/main/models.py 2018-04-12 13:33:35.901131000 +0000 @@ -99,7 +99,7 @@ help_text=_("IP where DNS queries for this zone will be sent to")) nameserver_update_secret = models.CharField( _("nameserver update secret"), - max_length=88, # 512 bits base64 -> 88 bytes + max_length=90, # 512 bits base64 default='', help_text=_("Shared secret that allows updating this zone (base64 encoded)")) nameserver_update_algorithm = models.CharField( ``` Although after this patch it complains it can't set/delete connectivity-test.mydomain :(
Author
Owner

@DanielO commented on GitHub (Apr 12, 2018):

Actually turns out I had the key setup incorrectly and it works with that patch!

<!-- gh-comment-id:380814276 --> @DanielO commented on GitHub (Apr 12, 2018): Actually turns out I had the key setup incorrectly and it works with that patch!
Author
Owner

@ThomasWaldmann commented on GitHub (Apr 12, 2018):

@DanielO can you explain why 90 is correct and 88 isn't?

When base64-encoding a 512bits long bytes object, I get a bytes object of length 88.

<!-- gh-comment-id:380823004 --> @ThomasWaldmann commented on GitHub (Apr 12, 2018): @DanielO can you explain why 90 is correct and 88 isn't? When base64-encoding a 512bits long bytes object, I get a bytes object of length 88.
Author
Owner

@DanielO commented on GitHub (Apr 12, 2018):

Ah wait, I just realised my issue..
I ran "dnssec-keygen -a HMAC-SHA512 -b 512 -n ENTITY ddns" and copied the key from the .key file which is 89 bytes long but the .private key is 88 characters long.

I have absolutely no idea why they are different though!

<!-- gh-comment-id:380824229 --> @DanielO commented on GitHub (Apr 12, 2018): Ah wait, I just realised my issue.. I ran "dnssec-keygen -a HMAC-SHA512 -b 512 -n ENTITY ddns" and copied the key from the .key file which is 89 bytes long but the .private key is 88 characters long. I have absolutely no idea why they are different though!
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nsupdate.info-nsupdate-info#249
No description provided.