Project

General

Profile

Bug #2100

KS provisioning template regexp buffer overflow

Added by Alejandro Falcon over 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Templates
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

OS: Centos 6.3
Foreman version 1.1 RC3 from RPM

How to reproduce:
Create a new provisioning template with the content of the attached file.
Assign to a host and check it on templete review.
It ill show this message: "There was an error rendering the KS template: regexp buffer overflow"

Note: This was working ok on version 1.0.1.

ks-bug.txt ks-bug.txt 2.06 KB Alejandro Falcon, 01/03/2013 04:19 PM
Gemfile.lock Gemfile.lock 3.52 KB Alejandro Falcon, 01/06/2013 01:53 PM

Related issues

Related to Foreman - Tracker #4656: Drop Ruby 1.8 supportClosed

Associated revisions

Revision d5226015 (diff)
Added by Dominic Cleal over 6 years ago

fixes #2100 - fix regexp overflow on MRI 1.8 with older safemode/ruby_parser

History

#1 Updated by Alejandro Falcon over 6 years ago

Attached Gemfile.lock

#2 Updated by Dominic Cleal over 6 years ago

Confirmed on EL 6.4 with Foreman RC4, ruby_parser 3.0.1 (hm, should be 3.0.4) and safemode 1.1.0.

#3 Updated by Ohad Levy over 6 years ago

does it work correctly on 3.0.4?

#4 Updated by Dominic Cleal over 6 years ago

Ohad Levy wrote:

does it work correctly on 3.0.4?

No, just tested ruby_parser 3.0.4 and it doesn't fix it, but it does work on a Fedora 17 system with Ruby 1.9.3 and either ruby_parser 3.0.1 or 3.0.4.

#5 Updated by Daniel Verniers over 6 years ago

OS: Debian Squeeze 64bit
Foreman 1.1 RC4 from deb

I have the same problem with preseed provisioning templates.
finish and pxe templates are working fine, but provisioning is not working.

Are there any workarounds?

Thankx.

Daniel

#6 Updated by Daniel Verniers over 6 years ago

There was an error rendering the TEMPLATE_NAME template: regexp buffer overflow

#7 Updated by Dominic Cleal over 6 years ago

Daniel Verniers wrote:

OS: Debian Squeeze 64bit
Foreman 1.1 RC4 from deb

I have the same problem with preseed provisioning templates.
finish and pxe templates are working fine, but provisioning is not working.

Are there any workarounds?

Disabling safemode_render under More->Settings->Provisioning is the only one I'm aware of. This means users with edit rights on provisioning templates can execute code in Foreman.

#8 Updated by Greg Sutcliffe over 6 years ago

Daniel, do you have a sample preseed you can attach that shows the problem? be nice to cross-reference with the broken KS example.

#9 Updated by Daniel Verniers over 6 years ago

@Dominic

This has solved the problem for the moment

@Greg

I'll come back to your question later - i will create a minimal version of my preseed file as an example

#10 Updated by Ohad Levy over 6 years ago

@Danial, please let us know, as I would consider this a blocker for 1.1 release

#11 Updated by Ohad Levy over 6 years ago

  • Target version deleted (1.1)

I don't consider this as a blocker for 1.1 release, since there is a workaround (which should be clearly documented in the release notes).

Since there is no trivial fix to resolved, I'm removing the 1.1 milestone from it.

#12 Updated by Dmitri Dolguikh over 6 years ago

Dominic Cleal wrote:

Ohad Levy wrote:

does it work correctly on 3.0.4?

No, just tested ruby_parser 3.0.4 and it doesn't fix it, but it does work on a Fedora 17 system with Ruby 1.9.3 and either ruby_parser 3.0.1 or 3.0.4.

This is a stack overflow in 1.8.7 regex library. 1.9.3 is unaffected.

#13 Updated by Dominic Cleal over 6 years ago

  • Status changed from New to Assigned
  • Assignee set to Dominic Cleal

I think to resolve this for MRI 1.8 we'll revert the versions of safemode and ruby_parser to their previous versions, but use the current version for MRI 1.9 where we need recent fixes to function.

#14 Updated by Dominic Cleal over 6 years ago

  • Status changed from Assigned to Ready For Testing

#15 Updated by Dominic Cleal over 6 years ago

This is going to bring back #2217 (the warnings about redefined constants). Not sure if it's worth worrying about, or putting in our own code for defining the constants in Regexp so we don't hit the issue.

#16 Updated by Ohad Levy over 6 years ago

  • Target version set to 1.2.0

#17 Updated by Dominic Cleal over 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#18 Updated by Dominic Cleal about 5 years ago

Also available in: Atom PDF