Project

General

Profile

Actions

Bug #2100

closed

KS provisioning template regexp buffer overflow

Added by Alejandro Falcon about 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Templates
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

OS: Centos 6.3
Foreman version 1.1 RC3 from RPM

How to reproduce:
Create a new provisioning template with the content of the attached file.
Assign to a host and check it on templete review.
It ill show this message: "There was an error rendering the KS template: regexp buffer overflow"

Note: This was working ok on version 1.0.1.


Files

ks-bug.txt ks-bug.txt 2.06 KB Alejandro Falcon, 01/03/2013 04:19 PM
Gemfile.lock Gemfile.lock 3.52 KB Alejandro Falcon, 01/06/2013 01:53 PM

Related issues 1 (0 open1 closed)

Related to Foreman - Tracker #4656: Drop Ruby 1.8 supportClosed

Actions
Actions #1

Updated by Alejandro Falcon about 11 years ago

Attached Gemfile.lock

Actions #2

Updated by Dominic Cleal about 11 years ago

Confirmed on EL 6.4 with Foreman RC4, ruby_parser 3.0.1 (hm, should be 3.0.4) and safemode 1.1.0.

Actions #3

Updated by Ohad Levy about 11 years ago

does it work correctly on 3.0.4?

Actions #4

Updated by Dominic Cleal about 11 years ago

Ohad Levy wrote:

does it work correctly on 3.0.4?

No, just tested ruby_parser 3.0.4 and it doesn't fix it, but it does work on a Fedora 17 system with Ruby 1.9.3 and either ruby_parser 3.0.1 or 3.0.4.

Actions #5

Updated by Daniel Verniers about 11 years ago

OS: Debian Squeeze 64bit
Foreman 1.1 RC4 from deb

I have the same problem with preseed provisioning templates.
finish and pxe templates are working fine, but provisioning is not working.

Are there any workarounds?

Thankx.

Daniel

Actions #6

Updated by Daniel Verniers about 11 years ago

There was an error rendering the TEMPLATE_NAME template: regexp buffer overflow

Actions #7

Updated by Dominic Cleal about 11 years ago

Daniel Verniers wrote:

OS: Debian Squeeze 64bit
Foreman 1.1 RC4 from deb

I have the same problem with preseed provisioning templates.
finish and pxe templates are working fine, but provisioning is not working.

Are there any workarounds?

Disabling safemode_render under More->Settings->Provisioning is the only one I'm aware of. This means users with edit rights on provisioning templates can execute code in Foreman.

Actions #8

Updated by Greg Sutcliffe about 11 years ago

Daniel, do you have a sample preseed you can attach that shows the problem? be nice to cross-reference with the broken KS example.

Actions #9

Updated by Daniel Verniers about 11 years ago

@Dominic

This has solved the problem for the moment

@Greg Sutcliffe

I'll come back to your question later - i will create a minimal version of my preseed file as an example

Actions #10

Updated by Ohad Levy about 11 years ago

@Danial, please let us know, as I would consider this a blocker for 1.1 release

Actions #11

Updated by Ohad Levy about 11 years ago

  • Target version deleted (1.1)

I don't consider this as a blocker for 1.1 release, since there is a workaround (which should be clearly documented in the release notes).

Since there is no trivial fix to resolved, I'm removing the 1.1 milestone from it.

Actions #12

Updated by Anonymous about 11 years ago

Dominic Cleal wrote:

Ohad Levy wrote:

does it work correctly on 3.0.4?

No, just tested ruby_parser 3.0.4 and it doesn't fix it, but it does work on a Fedora 17 system with Ruby 1.9.3 and either ruby_parser 3.0.1 or 3.0.4.

This is a stack overflow in 1.8.7 regex library. 1.9.3 is unaffected.

Actions #13

Updated by Dominic Cleal about 11 years ago

  • Status changed from New to Assigned
  • Assignee set to Dominic Cleal

I think to resolve this for MRI 1.8 we'll revert the versions of safemode and ruby_parser to their previous versions, but use the current version for MRI 1.9 where we need recent fixes to function.

Actions #14

Updated by Dominic Cleal about 11 years ago

  • Status changed from Assigned to Ready For Testing
Actions #15

Updated by Dominic Cleal about 11 years ago

This is going to bring back #2217 (the warnings about redefined constants). Not sure if it's worth worrying about, or putting in our own code for defining the constants in Regexp so we don't hit the issue.

Actions #16

Updated by Ohad Levy about 11 years ago

  • Target version set to 1.2.0
Actions #17

Updated by Dominic Cleal about 11 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #18

Updated by Dominic Cleal about 10 years ago

Actions

Also available in: Atom PDF