Bug 8352 - Backtrace in tlwebadm.log with misconfigured /tlwebadm/password
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Web Administration
Version: trunk
Hardware: PC Unknown
Importance: P2 Normal
Target Milestone: LowPrio
Assignee: Bugzilla mail exporter
Reported: 2024-05-27 11:34 CEST by William Sjöblom
Modified: 2024-05-28 13:51 CEST

Description William Sjöblom cendio 2024-05-27 11:34:57 CEST
We managed to provoke a stack trace in tlwebadm.log when configuring /tlwebadm/password as follows and trying to log in to tlwebadm:
> tl-config /tlwebadm/password=$6$a4ee837c55d7a915$OR7fWg1ZHZTxZTR1SqCwNKQnweY72jOhJqAJa3/etizbD7mJWwWIocB.xrqc77uhti2puBvXOnUzGqgcGOTUc/
When properly escaping the string (to avoid unintentional variable substitutions), things work as expected. Hence, this is likely caused by improper input sanitation of /tlwebadm/password.
Comment 1 William Sjöblom cendio 2024-05-27 11:35:20 CEST
> 2024-05-23 10:57:37 INFO tlwebadm[102330]: [::ffff:172.16.1.13] 'GET / HTTP/1.1' 500 -
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13] ----------------------------------------
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13] Exception happened during processing of request from ('::ffff:172.16.1.13', 53817, 0, 0)
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13] Traceback (most recent call last):
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]   File "/opt/thinlinc/modules/thinlinc/forkingserver.py", line 62, in process_request
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]     self . finish_request ( request , client_address )
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]   File "/opt/thinlinc/modules/thinlinc/httpserver.py", line 412, in finish_request
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]     super ( ) . finish_request ( request , client_address )
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]   File "/opt/thinlinc/modules/thinlinc/tlstunnel.py", line 71, in finish_request
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]     self . TLSRequestHandlerClass ( request , client_address , self )
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]   File "/opt/thinlinc/modules/thinlinc/httpserver.py", line 83, in __init__
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]     super ( ) . __init__ ( request , client_address , server )
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]   File "/usr/lib64/python3.9/socketserver.py", line 747, in __init__
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]     self.handle()
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]   File "/opt/thinlinc/modules/thinlinc/httpserver.py", line 385, in handle
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]     super ( ) . handle ( )
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]   File "/usr/lib64/python3.9/http/server.py", line 433, in handle
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]     self.handle_one_request()
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]   File "/opt/thinlinc/modules/thinlinc/httpserver.py", line 160, in handle_one_request
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]     super ( ) . handle_one_request ( )
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]   File "/usr/lib64/python3.9/http/server.py", line 421, in handle_one_request
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]     method()
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]   File "/opt/thinlinc/modules/thinlinc/tlwebadm/server.py", line 160, in do_GET
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]     if not self . _prepare_method ( ) :
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]   File "/opt/thinlinc/modules/thinlinc/tlwebadm/server.py", line 147, in _prepare_method
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]     if not self . _check_auth ( ) :
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]   File "/opt/thinlinc/modules/thinlinc/tlwebadm/server.py", line 63, in _check_auth
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]     ii1i = check_auth ( iIIIII1i111i . password , oOoo0 )
> 2024-05-23 10:57:37 ERROR tlwebadm[102330]: [::ffff:172.16.1.13]   File "/opt/thinlinc/modules/thinlinc/authutil.py", line 20, in check_auth
Comment 2 William Sjöblom cendio 2024-05-28 13:51:44 CEST
Last stack trace was apparently chopped. Here's a new one:

> Exception happened during processing of request from ('::ffff:127.0.0.1', 40158, 0, 0)
> Traceback (most recent call last):
>   File "/opt/thinlinc/modules/thinlinc/forkingserver.py", line 62, in process_request
>     self . finish_request ( request , client_address )
>   File "/opt/thinlinc/modules/thinlinc/httpserver.py", line 412, in finish_request
>     super ( ) . finish_request ( request , client_address )
>   File "/opt/thinlinc/modules/thinlinc/tlstunnel.py", line 71, in finish_request
>     self . TLSRequestHandlerClass ( request , client_address , self )
>   File "/opt/thinlinc/modules/thinlinc/httpserver.py", line 83, in __init__
>     super ( ) . __init__ ( request , client_address , server )
>   File "/usr/lib64/python3.12/socketserver.py", line 761, in __init__
>     self.handle()
>   File "/opt/thinlinc/modules/thinlinc/httpserver.py", line 385, in handle
>     super ( ) . handle ( )
>   File "/usr/lib64/python3.12/http/server.py", line 436, in handle
>     self.handle_one_request()
>   File "/opt/thinlinc/modules/thinlinc/httpserver.py", line 160, in handle_one_request
>     super ( ) . handle_one_request ( )
>   File "/usr/lib64/python3.12/http/server.py", line 424, in handle_one_request
>     method()
>   File "/opt/thinlinc/modules/thinlinc/tlwebadm/server.py", line 160, in do_GET
>     if not self . _prepare_method ( ) :
>            ^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/opt/thinlinc/modules/thinlinc/tlwebadm/server.py", line 147, in _prepare_method
>     if not self . _check_auth ( ) :
>            ^^^^^^^^^^^^^^^^^^^^^^
>   File "/opt/thinlinc/modules/thinlinc/tlwebadm/server.py", line 63, in _check_auth
>     ii1i = check_auth ( iIIIII1i111i . password , oOoo0 )
>            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/opt/thinlinc/modules/thinlinc/authutil.py", line 20, in check_auth
>     return crypt ( password , hash_str ) == hash_str
>            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/opt/thinlinc/modules/thinlinc/crypt.py", line 229, in crypt
>     raise OSError ( errno . EINVAL , os . strerror ( errno . EINVAL ) )
> OSError: [Errno 22] Invalid argument
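
The failure reported above, reproduced as an added example that is not part of the original report and not ThinLinc code: it models how the unquoted `$...` segments vanish in the shell, validates the stored value before use, and denies the login instead of raising. The function names, the regular expression, the simplified shell model (every referenced variable is assumed unset) and the `strict_crypt_stub` stand-in are assumptions made for illustration.

```python
import errno
import hmac
import os
import re

# Value from the report, as it was meant to be stored.
INTENDED = ("$6$a4ee837c55d7a915$OR7fWg1ZHZTxZTR1SqCwNKQnweY72jOhJqAJa3/"
            "etizbD7mJWwWIocB.xrqc77uhti2puBvXOnUzGqgcGOTUc/")

# Shape accepted here: $6$[rounds=N$]salt(1-16 chars)$digest(86 chars).
SHA512_CRYPT = re.compile(
    r"\$6\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}"
)


def unquoted_shell_word(word):
    """Simplified model of an unquoted shell word: $N and $name are
    expanded, and every one of them is assumed unset (empty)."""
    return re.sub(r"\$(\d|[A-Za-z_][A-Za-z0-9_]*)", "", word)


def is_valid_hash(hash_str):
    """True only for a complete SHA-512 crypt string."""
    return SHA512_CRYPT.fullmatch(hash_str) is not None


def check_auth_fail_closed(password, hash_str, crypt_fn):
    """Deny, rather than raise, when the configured hash is unusable.
    crypt_fn is a hypothetical stand-in for the crypt() wrapper."""
    if not is_valid_hash(hash_str):
        return False  # misconfiguration: report it once, never crash
    try:
        computed = crypt_fn(password, hash_str)
    except OSError:
        return False  # crypt() rejected the setting (EINVAL in the log)
    return hmac.compare_digest(computed, hash_str)


def strict_crypt_stub(password, setting):
    """Constructed stub: raises EINVAL on a bad setting, as in the
    traceback, and matches only the constructed password 'example'."""
    if not is_valid_hash(setting):
        raise OSError(errno.EINVAL, os.strerror(errno.EINVAL))
    return setting if password == "example" else setting[:-1] + "."
```

Single-quoting the argument on the command line keeps the `$` characters literal, so the value that reaches the configuration is the full hash rather than the trailing fragment.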
