Univention Bugzilla – Full Text Bug Listing |
Summary: | Python 3: LDAP_Search Syntax may crash the UMC UDM module | ||
---|---|---|---|
Product: | UCS | Reporter: | Dirk Wiesenthal <wiesenthal> |
Component: | UMC - LDAP directory | Assignee: | Florian Best <best> |
Status: | CLOSED FIXED | QA Contact: | Christian Castens <castens> |
Severity: | normal | ||
Priority: | P5 | CC: | best |
Version: | UCS 5.0 | Keywords: | python3-migration |
Target Milestone: | UCS 5.0-1-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://git.knut.univention.de/univention/ucs/-/merge_requests/202 | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Regression | |
Max CVSS v3 score: |
Description
Dirk Wiesenthal
2021-12-03 17:46:40 CET
Seems to be umc/python/udm/udm_ldap.py def read_syntax_choices if issubclass(syn.__class__, udm_syntax.LDAP_Search): mod_store, store = split_module_attr(store_pattern) if store == 'dn': id = dn elif store in obj: id = obj[store] elif store in obj.oldattr and obj.oldattr[store]: id = obj.oldattr[store][0] # bytes! Decoding of LDAP attribute values to the LDAP_Search syntax class has been fixed. univention-management-console-module-udm.yaml d78b82bb6076 | fixup! Bug #54190: fix transformation of LDAP values from LDAP_Search syntax from bytes univention-management-console-module-udm (10.0.1-23) d78b82bb6076 | fixup! Bug #54190: fix transformation of LDAP values from LDAP_Search syntax from bytes univention-management-console-module-udm (10.0.1-22) 621dfe34372c | Bug #54190: Merge branch 'fbest/54190-fix-python3-ldap-search-syntax-evaluation' into 5.0-1 955e7200b9d6 | Bug #54190: fix transformation of LDAP values from LDAP_Search syntax from bytes Reproducer: curl -i http://Administrator:univention@localhost/univention/command/udm/syntax/choices -H 'Content-Type: application/json' -d '{"options":{"syntax": "LDAP_Search", "options": {"viewonly": false, "filter": "univentionObjectType=users/user", "attributes": ["users/user: uid"], "value": "users/user: uid", "syntax": "my-syntax", "base": "", "empty": true, "empty_end": true}}}' → HTTP/1.1 510 Not Extended. Traceback occurs in /var/log/univention/management-console-module-udm.log (And this one was already fixed in another UCS 5.0 erratum): curl -i http://Administrator:univention@localhost/univention/command/udm/syntax/choices -H 'Content-Type: application/json' -d '{"options":{"syntax": "LDAP_Search", "options": {"viewonly": true, "filter": "univentionObjectType=users/user", "attributes": ["users/user: uid"], "value": "dn", "syntax": "my-syntax", "base": "", "empty": true, "empty_end": true}}}' Functionality tested: - curl -i http://Administrator:univention@localhost/univention/command/udm/syntax/choices -H 'Content-Type: application/json' -d '{"options":{"syntax": "LDAP_Search", "options": {"viewonly": false, "filter": "univentionObjectType=users/user", "attributes": ["users/user: uid"], "value": "users/user: uid", "syntax": "my-syntax", "base": "", "empty": true, "empty_end": true}}}' OK code review OK yaml, changelog OK |