1092982 – Insufficient input validation for installation path (Windows)

Bug 1092982 - Insufficient input validation for installation path (Windows)

Summary: Insufficient input validation for installation path (Windows)

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Installer
Sub Component:
Version:	6.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	ER4
Target Release:	EAP 6.3.0
Assignee:	Miles Tjandrawidjaja
QA Contact:	Petr Kremensky
Docs Contact:	Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-04-30 11:10 UTC by Petr Kremensky
Modified:	2014-06-28 15:39 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-06-28 15:39:54 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1022448	0	unspecified	CLOSED	Missing input validation for several panels in console installer.	2021-02-22 00:41:40 UTC

Internal Links: 1022448

Description Petr Kremensky 2014-04-30 11:10:35 UTC

Description of problem:
 User is able to enter inaccessible path for EAP installation on Windows.

Version-Release number of selected component (if applicable):
 EAP 6.3.0.ER2

How reproducible:
 Always

Steps to Reproduce:
 1. Start console installation on windows
 2. Select the installation path: X:\test (where X: drive doesn't exist)
 3. Finish the installation

Actual results:
 [ Starting to unpack ]
 [ Processing package: Red Hat JBoss Enterprise Application Platform (1/15) ]
 [ ERROR: Could not create directory
 x:\test\jboss-eap-6.3 ]
 [ Unpacking finished ]
 Error replacing mgmt-users.properties file: x:\test\jboss-eap-6.3\standalone \configuration\mgmt-users.properties (The system cannot find the path specified)

Expected results:
 "This directory can not be written. Please choose another directory." message on path dialogue (6.2.0 behaviour)

Additional info:
 Regression against EAP 6.2.0 installer

Comment 1 Petr Kremensky 2014-04-30 13:10:10 UTC

Same applies for quickstarts target path and other path input panels.

Comment 2 Miles Tjandrawidjaja 2014-04-30 16:57:38 UTC

Check has been fixed for path input panels, drivers that do not exist should now result in a failure.

http://git.app.eng.bos.redhat.com/git/izpack.git/commit/?h=izpack-wip&id=9b14c7c5e3139d17c646e9ac0e9f276085d100ee

Comment 3 Petr Kremensky 2014-05-07 13:10:51 UTC

I am still able to use x:\test, can you please make a check case insensitive.

Comment 4 Francisco Canas 2014-05-07 13:30:10 UTC

Changed the regex in the validation to be case insensitive:

http://git.app.eng.bos.redhat.com/git/izpack.git/commit/?id=9be3bc2a8668e6ae5b40899a5d0738586a251aaf

Comment 5 Petr Kremensky 2014-05-15 07:59:24 UTC

Verified on EAP 6.3.0.ER4 installer.

Note You need to log in before you can comment on or make changes to this bug.