Bug #2100
KS provisioning template regexp buffer overflow
Description
OS: Centos 6.3
Foreman version 1.1 RC3 from RPM
How to reproduce:
Create a new provisioning template with the content of the attached file.
Assign to a host and check it on templete review.
It ill show this message: "There was an error rendering the KS template: regexp buffer overflow"
Note: This was working ok on version 1.0.1.
Related issues
Associated revisions
History
#1
Updated by Alejandro Falcon over 8 years ago
- File Gemfile.lock Gemfile.lock added
Attached Gemfile.lock
#2
Updated by Dominic Cleal over 8 years ago
Confirmed on EL 6.4 with Foreman RC4, ruby_parser 3.0.1 (hm, should be 3.0.4) and safemode 1.1.0.
#3
Updated by Ohad Levy over 8 years ago
does it work correctly on 3.0.4?
#4
Updated by Dominic Cleal over 8 years ago
Ohad Levy wrote:
does it work correctly on 3.0.4?
No, just tested ruby_parser 3.0.4 and it doesn't fix it, but it does work on a Fedora 17 system with Ruby 1.9.3 and either ruby_parser 3.0.1 or 3.0.4.
#5
Updated by Daniel Verniers about 8 years ago
OS: Debian Squeeze 64bit
Foreman 1.1 RC4 from deb
I have the same problem with preseed provisioning templates.
finish and pxe templates are working fine, but provisioning is not working.
Are there any workarounds?
Thankx.
Daniel
#6
Updated by Daniel Verniers about 8 years ago
There was an error rendering the TEMPLATE_NAME template: regexp buffer overflow
#7
Updated by Dominic Cleal about 8 years ago
Daniel Verniers wrote:
OS: Debian Squeeze 64bit
Foreman 1.1 RC4 from debI have the same problem with preseed provisioning templates.
finish and pxe templates are working fine, but provisioning is not working.Are there any workarounds?
Disabling safemode_render
under More->Settings->Provisioning is the only one I'm aware of. This means users with edit rights on provisioning templates can execute code in Foreman.
#8
Updated by Greg Sutcliffe about 8 years ago
Daniel, do you have a sample preseed you can attach that shows the problem? be nice to cross-reference with the broken KS example.
#9
Updated by Daniel Verniers about 8 years ago
@Dominic
This has solved the problem for the moment
@Greg
I'll come back to your question later - i will create a minimal version of my preseed file as an example
#10
Updated by Ohad Levy about 8 years ago
@Danial, please let us know, as I would consider this a blocker for 1.1 release
#11
Updated by Ohad Levy about 8 years ago
- Target version deleted (
1.1)
I don't consider this as a blocker for 1.1 release, since there is a workaround (which should be clearly documented in the release notes).
Since there is no trivial fix to resolved, I'm removing the 1.1 milestone from it.
#12
Updated by Dmitri Dolguikh about 8 years ago
Dominic Cleal wrote:
Ohad Levy wrote:
does it work correctly on 3.0.4?
No, just tested ruby_parser 3.0.4 and it doesn't fix it, but it does work on a Fedora 17 system with Ruby 1.9.3 and either ruby_parser 3.0.1 or 3.0.4.
This is a stack overflow in 1.8.7 regex library. 1.9.3 is unaffected.
#13
Updated by Dominic Cleal about 8 years ago
- Status changed from New to Assigned
- Assignee set to Dominic Cleal
I think to resolve this for MRI 1.8 we'll revert the versions of safemode and ruby_parser to their previous versions, but use the current version for MRI 1.9 where we need recent fixes to function.
#14
Updated by Dominic Cleal about 8 years ago
- Status changed from Assigned to Ready For Testing
#15
Updated by Dominic Cleal about 8 years ago
This is going to bring back #2217 (the warnings about redefined constants). Not sure if it's worth worrying about, or putting in our own code for defining the constants in Regexp so we don't hit the issue.
#16
Updated by Ohad Levy about 8 years ago
- Target version set to 1.2.0
#17
Updated by Dominic Cleal about 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset d52260159f1da0ea5341011c2c8705a7d75226ca.
#18
Updated by Dominic Cleal about 7 years ago
- Related to Tracker #4656: Drop Ruby 1.8 support added
fixes #2100 - fix regexp overflow on MRI 1.8 with older safemode/ruby_parser