Bug 40805 – Error when registering an App with certain characters in Version=

Bug 40805 - Error when registering an App with certain characters in Version=


Summary:	Error when registering an App with certain characters in Version=

Status:	CLOSED DUPLICATE of bug 41905

Product:	UCS
Classification:	Unclassified
Component:	App Center
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.2
Assigned To:	Dirk Wiesenthal
QA Contact:	Florian Best

URL:
Keywords:	interim-2

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-03-01 11:52 CET by Dirk Wiesenthal
Modified:	2017-04-04 18:28 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.086
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Error handling
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dirk Wiesenthal

2016-03-01 11:52:45 CET

ini:
 Version=2<strong>alert('Hallo')</strong>

univention-app register

Marking univention-demo-data=2<strong>alert('Hallo')</strong> as installed
{'info': 'invalid DN', 'desc': 'Invalid DN syntax'}
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/__init__.py", line 182, in call_with_namespace
    result = self.main(namespace)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/register.py", line 75, in main
    self._register_app_for_apps(apps, args)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/register.py", line 231, in _register_app_for_apps
    updates.update(self._register_app(app, args, lo, pos, delay=True))
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/register.py", line 250, in _register_app
    ldap_object = get_app_ldap_object(app, lo, pos, or_create=True)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 246, in get_app_ldap_object
    return ApplicationLDAPObject(app, lo, pos, or_create)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 139, in __init__
    self._reload(app, create_if_not_exists)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 150, in _reload
    udm_obj = init_object('appcenter/app', self._lo, self._pos, self.dn)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 70, in init_object
    obj = udm_objects.get(module, None, lo, pos, dn)
  File "/usr/lib/pymodules/python2.7/univention/admin/objects.py", line 73, in get
    superordinate = get_superordinate( module, co, lo, dn or position.getDn() )
  File "/usr/lib/pymodules/python2.7/univention/admin/objects.py", line 57, in get_superordinate
    attr = lo.get( dn )
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 342, in get
    return self.lo.get(dn, attr, required)
  File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 272, in get
    '(objectClass=*)', attr )
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 559, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 918, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 553, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 465, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 469, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
INVALID_DN_SYNTAX: {'info': 'invalid DN', 'desc': 'Invalid DN syntax'}


Two fixes: Limit Version to safe characters or fix the UDM calls. I guess there is no need to allow everything in Version (which would be the easy fix), yet not fixing the UDM call may lead to errors later on.

Comment 1 Dirk Wiesenthal

2017-02-23 19:25:07 CET


*** This bug has been marked as a duplicate of bug 41905 ***

Comment 2 Florian Best

2017-02-24 06:59:31 CET

Yes, duplicate.

Comment 3 Stefan Gohmann

2017-04-04 18:28:43 CEST

UCS 4.2 has been released:
 https://docs.software-univention.de/release-notes-4.2-0-en.html
 https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".