Bug 879546 - Providing broken entitlement certificate leads to unhandled error in rhui-manager
Summary: Providing broken entitlement certificate leads to unhandled error in rhui-man...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: Tools
Version: 2.1
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: ---
: 2.1.1
Assignee: James Slagle
QA Contact: mkovacik
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-11-23 09:48 UTC by Vitaly Kuznetsov
Modified: 2013-02-27 17:00 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Uploading a broken certificate to rhui-manager returned an unhandled trace back error. This fix updates cert.py so rhui-manager displays a proper error message.
Clone Of:
Environment:
Last Closed: 2013-02-27 17:00:07 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:0571 0 normal SHIPPED_LIVE Red Hat Update Infrastructure 2.1.1 bug fix update 2013-02-27 21:58:22 UTC

Description Vitaly Kuznetsov 2012-11-23 09:48:03 UTC 
Description of problem:
Possible errors in X509 certificate are not handled properly. 

# rhui-manager cert upload --cert /root/test_90961.pem
Traceback (most recent call last):
  File "/usr/bin/rhui-manager", line 16, in <module>
    rhui.tools.launcher.main()
  File "/usr/lib/python2.6/site-packages/rhui/tools/launcher.py", line 348, in main
    cli.run(args)
  File "/usr/lib/python2.6/site-packages/rhui/common/cli.py", line 272, in run
    command_or_section.execute(remaining_args)
  File "/usr/lib/python2.6/site-packages/rhui/common/cli.py", line 113, in execute
    self.method(**arg_dict)
  File "/usr/lib/python2.6/site-packages/rhui/tools/commands/cert.py", line 52, in upload
    self.cert_manager.add_certificate(cert_filename)
  File "/usr/lib/python2.6/site-packages/rhui/tools/cert_manager.py", line 273, in add_certificate
    entitlements = cert_utils.entitlements_in_cert(cert_filename)
  File "/usr/lib/python2.6/site-packages/rhui/common/cert_utils.py", line 52, in entitlements_in_cert
    cert.read(cert_filename)
  File "/usr/lib/python2.6/site-packages/rhui/common/certificate.py", line 123, in read
    self.update(content)
  File "/usr/lib/python2.6/site-packages/rhui/common/certificate.py", line 46, in update
    x509 = X509.load_cert_string(content)
  File "/usr/lib64/python2.6/site-packages/M2Crypto/X509.py", line 655, in load_cert_string
    return load_cert_bio(bio, format)
  File "/usr/lib64/python2.6/site-packages/M2Crypto/X509.py", line 639, in load_cert_bio
    raise X509Error(Err.get_error())
M2Crypto.X509.X509Error: 140146117134080:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
140146117134080:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1307:
140146117134080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:660:
140146117134080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:712:
140146117134080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:752:Field=issuer, Type=X509_CINF
140146117134080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:752:Field=cert_info, Type=X509
140146117134080:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:


Version-Release number of selected component (if applicable):
rh-rhui-tools-2.1.13-1.el6_3.noarch

How reproducible:
100%

Steps to Reproduce:
1. Install RHUI
2. Get broken entitlement certificate (sed -i 's,a,b,' /path/to/cert, for example)
3. Try to upload this cert to RHUI
  
Actual results:
Python trace

Expected results:
Error message like 'Provided content cert is broken'

Additional info:
Comment 1 James Slagle 2013-01-28 20:16:57 UTC 
The traceback is no longer shown on the command line, and I added the follow message to the output for this error:
"The given certificate appears malformed.  See the log file for more information."

cloude commit: 93e031fba753c09bf8e306e268b45bbd53fa3357
Comment 2 Vitaly Kuznetsov 2013-02-04 13:21:01 UTC 
[root@rhua ~]# rpm -q rh-rhui-tools 
rh-rhui-tools-2.1.15-1.el6_3.noarch

[root@rhua ~]# mkdir -p `dirname /var/lib/rhui-testing-tools/8a85f98135a68e6b0135a692ab84073a.pem` && echo SUCCESS
SUCCESS
[root@rhua ~]# cat /var/lib/rhui-testing-tools/8a85f98135a68e6b0135a692ab84073a.pem | sed 's,a,b,' > /var/lib/rhui-testing-tools/8a85f98135a68e6b0135a692ab84073a.pem.broken && echo SUCCESS
SUCCESS
[root@rhua ~]# rhui-manager cert upload --cert /var/lib/rhui-testing-tools/8a85f98135a68e6b0135a692ab84073a.pem.broken
The given certificate appears malformed.  See the log file for more information.

An unexpected error has occurred during the last operation.

140408666932992:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
140408666932992:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1307:
140408666932992:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:660:
140408666932992:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:712:
140408666932992:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:752:Field=issuer, Type=X509_CINF
140408666932992:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:752:Field=cert_info, Type=X509
140408666932992:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
Comment 4 errata-xmlrpc 2013-02-27 17:00:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0571.html
Note You need to log in before you can comment on or make changes to this bug.