KS provisioning template regexp buffer overflow
OS: CentOS 6.3
Foreman version 1.1 RC3 from RPM
How to reproduce:
Create a new provisioning template with the content of the attached file.
Assign to a host and check it on template review.
It will show this message: "There was an error rendering the KS template: regexp buffer overflow"
Note: This was working ok on version 1.0.1.
#7 Updated by Dominic Cleal about 7 years ago
Daniel Verniers wrote:
> OS: Debian Squeeze 64bit
> Foreman 1.1 RC4 from deb
> I have the same problem with preseed provisioning templates.
> finish and pxe templates are working fine, but provisioning is not working.
> Are there any workarounds?
safemode_render under More->Settings->Provisioning is the only one I'm aware of. This means users with edit rights on provisioning templates can execute code in Foreman.
#12 Updated by Dmitri Dolguikh almost 7 years ago
Dominic Cleal wrote:
> Ohad Levy wrote:
> > does it work correctly on 3.0.4?
> No, just tested ruby_parser 3.0.4 and it doesn't fix it, but it does work on a Fedora 17 system with Ruby 1.9.3 and either ruby_parser 3.0.1 or 3.0.4.
This is a stack overflow in 1.8.7 regex library. 1.9.3 is unaffected.
#13 Updated by Dominic Cleal almost 7 years ago
- Status changed from New to Assigned
- Assignee set to Dominic Cleal
I think to resolve this for MRI 1.8 we'll revert the versions of safemode and ruby_parser to their previous versions, but use the current version for MRI 1.9 where we need recent fixes to function.