Univention Bugzilla – Bug 54190
Python 3: LDAP_Search Syntax may crash the UMC UDM module
Last modified: 2022-03-16 15:18:04 CET
LDAP_Search (used by udm settings/syntax) can crash the UMC module of UDM:

03.12.21 14:50:36.935 PROTOCOL ( ERROR ) : Could not JSON serialize message: {'result': [{'id': '', 'label': ''}, {'module': 'udm', 'flavor': 'oxmail/oxcontext', 'objectType': 'oxmail/oxcontext', 'id': b'40', 'label': 'c40', 'icon': 'udm-oxmail-oxcontext'}], 'message': None, 'headers': {'Vary': 'Content-Language', 'Content-Language': 'de-DE'}, 'error': None, 'reason': None, 'status': 200}
03.12.21 14:50:36.935 MAIN ( WARN ) : Shutting down all open connections
03.12.21 14:50:36.937 MODULE ( ERROR ) : Traceback (most recent call last):
  File "/usr/sbin/univention-management-console-module", line 122, in <module>
    notifier.loop()
  File "/usr/lib/python3/dist-packages/notifier/nf_generic.py", line 306, in loop
    step()
  File "/usr/lib/python3/dist-packages/notifier/nf_generic.py", line 297, in step
    __min_timer = dispatch.dispatcher_run()
  File "/usr/lib/python3/dist-packages/notifier/dispatch.py", line 75, in dispatcher_run
    if not disp():
  File "/usr/lib/python3/dist-packages/notifier/threads.py", line 161, in _simple_threads_dispatcher
    task.announce()
  File "/usr/lib/python3/dist-packages/notifier/threads.py", line 139, in announce
    self._callback(self, self._result)
  File "/usr/lib/python3/dist-packages/notifier/__init__.py", line 105, in __call__
    return self._function(*tmp, **self._kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/base.py", line 283, in thread_finished_callback
    self.finished(request.id, result)
  File "/usr/lib/python3/dist-packages/univention/management/console/base.py", line 465, in finished
    self.result(res)
  File "/usr/lib/python3/dist-packages/univention/management/console/base.py", line 469, in result
    self.signal_emit('success', response)
  File "/usr/lib/python3/dist-packages/notifier/signals.py", line 87, in signal_emit
    self.__signals[signal].emit(*args)
  File "/usr/lib/python3/dist-packages/notifier/signals.py", line 50, in emit
    if cb(*args):
  File "/usr/lib/python3/dist-packages/notifier/__init__.py", line 105, in __call__
    return self._function(*tmp, **self._kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/protocol/modserver.py", line 141, in _reply
    self.response(msg)
  File "/usr/lib/python3/dist-packages/univention/management/console/protocol/modserver.py", line 376, in response
    self.__queue += bytes(msg)
  File "/usr/lib/python3/dist-packages/univention/management/console/protocol/message.py", line 346, in __bytes__
    return Message._formattedMessage(self._id, self._type, self.mimetype, self.command, body, self.arguments)
  File "/usr/lib/python3/dist-packages/univention/management/console/protocol/message.py", line 123, in _formattedMessage
    data = json.dumps(body)
  File "/usr/lib/python3.7/json/__init__.py", line 231, in dumps
    return _default_encoder.encode(obj)
  File "/usr/lib/python3.7/json/encoder.py", line 199, in encode
    chunks = self.iterencode(o, _one_shot=True)
  File "/usr/lib/python3.7/json/encoder.py", line 257, in iterencode
    return _iterencode(o, 0)
  File "/usr/lib/python3.7/json/encoder.py", line 179, in default
    raise TypeError(f'Object of type {o.__class__.__name__} '
TypeError: Object of type bytes is not JSON serializable
Seems to be umc/python/udm/udm_ldap.py

def read_syntax_choices
    if issubclass(syn.__class__, udm_syntax.LDAP_Search):
        mod_store, store = split_module_attr(store_pattern)
        if store == 'dn':
            id = dn
        elif store in obj:
            id = obj[store]
        elif store in obj.oldattr and obj.oldattr[store]:
            id = obj.oldattr[store][0]  # bytes!
Yes, fix in: https://git.knut.univention.de/univention/ucs/-/merge_requests/202
Decoding of LDAP attribute values to the LDAP_Search syntax class has been fixed.

univention-management-console-module-udm.yaml
d78b82bb6076 | fixup! Bug #54190: fix transformation of LDAP values from LDAP_Search syntax from bytes

univention-management-console-module-udm (10.0.1-23)
d78b82bb6076 | fixup! Bug #54190: fix transformation of LDAP values from LDAP_Search syntax from bytes

univention-management-console-module-udm (10.0.1-22)
621dfe34372c | Bug #54190: Merge branch 'fbest/54190-fix-python3-ldap-search-syntax-evaluation' into 5.0-1
955e7200b9d6 | Bug #54190: fix transformation of LDAP values from LDAP_Search syntax from bytes
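An added illustration of the failure class discussed in this bug, not Univention's code and not the merged patch: raw LDAP values arrive as bytes under Python 3, so the oldattr fallback must decode before the value reaches json.dumps. The helper names, the attribute name exampleId, the sample DN and the base64 fallback for non-UTF-8 values are assumptions made for the example.

```python
import base64
import json

# Constructed sample data: python-ldap returns raw attribute values as
# lists of bytes under Python 3. "exampleId" is a made-up attribute name.
SAMPLE_OLDATTR = {"exampleId": [b"40"], "jpegPhoto": [b"\xff\xd8\xff"]}
SAMPLE_DN = "cn=c40,dc=example,dc=test"  # constructed DN


def to_text(value):
    """Turn a raw LDAP value into a JSON-safe str (hypothetical helper)."""
    if isinstance(value, bytes):
        try:
            return value.decode("utf-8")
        except UnicodeDecodeError:
            # Assumption: binary attributes are exposed as base64 text.
            return base64.b64encode(value).decode("ascii")
    return value


def choice_id(store, dn, props, oldattr, decode=True):
    """Pick the choice id like the snippet above; decode=False keeps the bug."""
    if store == "dn":
        return dn
    if store in props:
        return props[store]
    if store in oldattr and oldattr[store]:
        raw = oldattr[store][0]
        return to_text(raw) if decode else raw
    return None


def build_reply(store, decode):
    """Serialize a one-entry choices reply; return (ok, payload_or_error)."""
    entry_id = choice_id(store, SAMPLE_DN, {}, SAMPLE_OLDATTR, decode)
    body = {"result": [{"id": entry_id, "label": "c40"}]}
    try:
        return True, json.dumps(body)
    except TypeError as exc:
        # Handling the error at the serialization boundary keeps one bad
        # value from terminating the whole module process.
        return False, str(exc)


if __name__ == "__main__":
    for store in ("exampleId", "jpegPhoto", "dn"):
        print(store, build_reply(store, False), build_reply(store, True))
```
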
Reproducer:

curl -i http://Administrator:univention@localhost/univention/command/udm/syntax/choices -H 'Content-Type: application/json' -d '{"options":{"syntax": "LDAP_Search", "options": {"viewonly": false, "filter": "univentionObjectType=users/user", "attributes": ["users/user: uid"], "value": "users/user: uid", "syntax": "my-syntax", "base": "", "empty": true, "empty_end": true}}}'

→ HTTP/1.1 510 Not Extended.
Traceback occurs in /var/log/univention/management-console-module-udm.log

(And this one was already fixed in another UCS 5.0 erratum):

curl -i http://Administrator:univention@localhost/univention/command/udm/syntax/choices -H 'Content-Type: application/json' -d '{"options":{"syntax": "LDAP_Search", "options": {"viewonly": true, "filter": "univentionObjectType=users/user", "attributes": ["users/user: uid"], "value": "dn", "syntax": "my-syntax", "base": "", "empty": true, "empty_end": true}}}'
Functionality tested:
- curl -i http://Administrator:univention@localhost/univention/command/udm/syntax/choices -H 'Content-Type: application/json' -d '{"options":{"syntax": "LDAP_Search", "options": {"viewonly": false, "filter": "univentionObjectType=users/user", "attributes": ["users/user: uid"], "value": "users/user: uid", "syntax": "my-syntax", "base": "", "empty": true, "empty_end": true}}}'
OK code review
OK yaml, changelog
OK
<https://errata.software-univention.de/#/?erratum=5.0x250>