Bug 772043
Summary: | Adding a netgroup with a "+" in the name that overlaps hostgroup causes crash | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Dmitri Pal <dpal> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.0 | CC: | dpal, jamescape777, jgalipea, mkosek, shaines, spoore |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Fixed In Version: | ipa-2.2.0-3.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: IPA netgroup plugin does not validate netgroup names.
Consequence: A netgroup with invalid name can be stored in LDAP server which may then crash when the invalid value is processed by NIS plugin.
Fix: IPA netgroup plugin enforces stricter validation for netgroup names.
Result: User cannot accidentally enter invalid netgroup and thus cause an LDAP server to crash because of NIS plugin processing.
|
Story Points: | --- |
Clone Of: | 770952 | Environment: | |
Last Closed: | 2012-06-20 13:28:40 UTC | Type: | --- |
Bug Depends On: | 770952 | ||
Description
Dmitri Pal
2012-01-05 18:13:24 UTC
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2221

Allowed characters are a-z, 0-9, -, _ and .

Also restricting hostgroup names with same list.

Fixed upstream
master: 7d7322de2eb0de61ea917d03662452d3efa4c834
ipa-2-2: 85462d063453f8614b63eddbba568fed034b0037

Verified.

Version ::
ipa-server-2.2.0-4.el6.x86_64

Automated Test Results ::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: netgroup_bz_772043: Adding a netgroup with a + in the name that overlaps hostgroup causes crash
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ PASS ] :: Running 'ipa netgroup-add +badtestnetgroup --desc=netgroup_with_plus_kills_dirsrv > /netgroup_bz_772043.29569.out 2>&1'
:: [ PASS ] :: BZ 772043 not found...fix is in place for ipa command
:: [ PASS ] :: Running 'ipactl status > /netgroup_bz_772043.29569.out 2>&1'
:: [ LOG ] :: Duration: 5s
:: [ LOG ] :: Assertions: 3 good, 0 bad
:: [ PASS ] :: RESULT: netgroup_bz_772043: Adding a netgroup with a + in the name that overlaps hostgroup causes crash

Manual Test Results ::
[root@hp-xw6600-01 ipa-netgroup-cli]# ipa-compat-manage status
Directory Manager password:
Plugin Enabled
[root@hp-xw6600-01 ipa-netgroup-cli]# ipa netgroup-add +badtestnetgroup --desc=netgroup_with_plus_kills_dirsrv
ipa: ERROR: invalid 'name': may only include letters, numbers, _, -, and .
[root@hp-xw6600-01 ipa-netgroup-cli]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause: IPA netgroup plugin does not validate netgroup names.
Consequence: A netgroup with invalid name can be stored in LDAP server which may then crash when the invalid value is processed by NIS plugin.
Fix: IPA netgroup plugin enforces stricter validation for netgroup names.
Result: User cannot accidentally enter invalid netgroup and thus cause an LDAP server to crash because of NIS plugin processing.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html
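
The character restriction described in this report, sketched as an audit over stored netgroup and hostgroup names (an added example, not FreeIPA's own code). The pattern is an assumption built from the error text quoted above, and every sample name except `+badtestnetgroup` is constructed.

```python
import re

# Assumption: character set taken from the error text quoted in this report
# ("may only include letters, numbers, _, -, and ."). This is not the pattern
# from the FreeIPA source, and "letters" is read here as ASCII letters only.
ALLOWED_CHAR = re.compile(r"[A-Za-z0-9_.-]")


def invalid_chars(name):
    """Return the sorted, de-duplicated characters of name outside the allowed set."""
    return sorted({ch for ch in name if not ALLOWED_CHAR.fullmatch(ch)})


def audit(names):
    """Map each name that would be rejected to a human-readable reason."""
    findings = {}
    for name in names:
        if not name:
            findings[name] = "empty name"
            continue
        bad = invalid_chars(name)
        if bad:
            findings[name] = "disallowed characters: " + " ".join(repr(c) for c in bad)
    return findings


# Constructed sample data standing in for names exported from the directory.
# Only "+badtestnetgroup" appears in the report itself.
SAMPLE_NETGROUPS = ["+badtestnetgroup", "web-servers", "db_hosts.prod", "ops team", "@all"]
# The report applies the same restriction to hostgroup names.
SAMPLE_HOSTGROUPS = ["web-servers", "lab+dev", "build.farm_01"]

if __name__ == "__main__":
    for kind, names in (("netgroup", SAMPLE_NETGROUPS), ("hostgroup", SAMPLE_HOSTGROUPS)):
        for name, reason in audit(names).items():
            print(f"{kind} {name!r}: {reason}")
```

Entries created before the fixed package was installed are not touched by the new validation, so a listing like this is one way to find names that still need renaming.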