Bug #2100
closed
KS provisioning template regexp buffer overflow
Added by Alejandro Falcon about 12 years ago. Updated almost 12 years ago.
Description
OS: Centos 6.3
Foreman version 1.1 RC3 from RPM
How to reproduce:
Create a new provisioning template with the content of the attached file.
Assign to a host and check it on template review.
It will show this message: "There was an error rendering the KS template: regexp buffer overflow"
Note: This was working ok on version 1.0.1.
Files
ks-bug.txt | 2.06 KB | Alejandro Falcon, 01/03/2013 04:19 PM
Gemfile.lock | 3.52 KB | Alejandro Falcon, 01/06/2013 01:53 PM
Updated by Alejandro Falcon about 12 years ago
- File Gemfile.lock added
Attached Gemfile.lock
Updated by Dominic Cleal about 12 years ago
Confirmed on EL 6.4 with Foreman RC4, ruby_parser 3.0.1 (hm, should be 3.0.4) and safemode 1.1.0.
Updated by Dominic Cleal about 12 years ago
Ohad Levy wrote:
does it work correctly on 3.0.4?
No, just tested ruby_parser 3.0.4 and it doesn't fix it, but it does work on a Fedora 17 system with Ruby 1.9.3 and either ruby_parser 3.0.1 or 3.0.4.
Updated by Daniel Verniers almost 12 years ago
OS: Debian Squeeze 64bit
Foreman 1.1 RC4 from deb
I have the same problem with preseed provisioning templates.
finish and pxe templates are working fine, but provisioning is not working.
Are there any workarounds?
Thanks.
Daniel
Updated by Daniel Verniers almost 12 years ago
There was an error rendering the TEMPLATE_NAME template: regexp buffer overflow
Updated by Dominic Cleal almost 12 years ago
Daniel Verniers wrote:
OS: Debian Squeeze 64bit
Foreman 1.1 RC4 from deb
I have the same problem with preseed provisioning templates.
finish and pxe templates are working fine, but provisioning is not working.
Are there any workarounds?
Disabling safemode_render under More->Settings->Provisioning is the only one I'm aware of. This means users with edit rights on provisioning templates can execute code in Foreman.
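What the workaround above changes in terms of trust, as an added example that is not part of this ticket or of Foreman's code: with no sandbox, ERB evaluates whatever Ruby a template contains inside the application process. The names `render_unrestricted`, `render_allowlisted` and `TemplateRejected` are hypothetical, and the allowlist renderer is a simplified stand-in, not the safemode gem.

```ruby
require 'erb'

# Unrestricted rendering: the situation when no sandbox is applied.
# Any Ruby between <% %> runs with the privileges of the rendering process.
def render_unrestricted(template, vars)
  ERB.new(template).result_with_hash(vars)
end

# Raised by the stand-in renderer when a tag is more than a variable lookup.
class TemplateRejected < StandardError; end

TAG   = /<%(=?)(.*?)%>/m              # any ERB tag, output or not
IDENT = /\A[a-z_][a-z0-9_]*\z/        # a bare variable name

# Hypothetical allowlist renderer (NOT the safemode gem): accepts only
# `<%= name %>` where name is one of the supplied variables, rejects the rest.
def render_allowlisted(template, vars)
  template.gsub(TAG) do
    output = Regexp.last_match(1)
    expr   = Regexp.last_match(2).strip
    unless output == '=' && IDENT.match?(expr) && vars.key?(expr.to_sym)
      raise TemplateRejected, "disallowed template code: #{expr.inspect}"
    end
    vars[expr.to_sym].to_s
  end
end

# Constructed sample templates (not the ks-bug.txt attachment).
PLAIN  = "lang en_US\nnetwork --hostname <%= hostname %>\n"
# Harmless expression that still proves code ran inside the app process.
ACTIVE = "# pid check: <%= Process.pid > 0 %>\n"

if __FILE__ == $PROGRAM_NAME
  puts render_unrestricted(PLAIN, hostname: 'web01')
  puts render_unrestricted(ACTIVE, {})   # expression is evaluated
  begin
    render_allowlisted(ACTIVE, {})
  rescue TemplateRejected => e
    puts "rejected: #{e.message}"
  end
end
```

With unrestricted rendering, the template edit permission is effectively a code-execution permission, so while the workaround is in place that permission should be granted as narrowly as shell access to the Foreman host would be.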
Updated by Greg Sutcliffe almost 12 years ago
Daniel, do you have a sample preseed you can attach that shows the problem? be nice to cross-reference with the broken KS example.
Updated by Daniel Verniers almost 12 years ago
@Dominic
This has solved the problem for the moment
I'll come back to your question later - I will create a minimal version of my preseed file as an example
Updated by Ohad Levy almost 12 years ago
@Daniel, please let us know, as I would consider this a blocker for 1.1 release
Updated by Ohad Levy almost 12 years ago
- Target version deleted (1.1)
I don't consider this as a blocker for 1.1 release, since there is a workaround (which should be clearly documented in the release notes).
Since there is no trivial fix to resolve it, I'm removing the 1.1 milestone from it.
Updated by Anonymous almost 12 years ago
Dominic Cleal wrote:
Ohad Levy wrote:
does it work correctly on 3.0.4?
No, just tested ruby_parser 3.0.4 and it doesn't fix it, but it does work on a Fedora 17 system with Ruby 1.9.3 and either ruby_parser 3.0.1 or 3.0.4.
This is a stack overflow in 1.8.7 regex library. 1.9.3 is unaffected.
Updated by Dominic Cleal almost 12 years ago
- Status changed from New to Assigned
- Assignee set to Dominic Cleal
I think to resolve this for MRI 1.8 we'll revert the versions of safemode and ruby_parser to their previous versions, but use the current version for MRI 1.9 where we need recent fixes to function.
Updated by Dominic Cleal almost 12 years ago
- Status changed from Assigned to Ready For Testing
Updated by Dominic Cleal almost 12 years ago
This is going to bring back #2217 (the warnings about redefined constants). Not sure if it's worth worrying about, or putting in our own code for defining the constants in Regexp so we don't hit the issue.
Updated by Dominic Cleal almost 12 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset d52260159f1da0ea5341011c2c8705a7d75226ca.
Updated by Dominic Cleal almost 11 years ago
- Related to Tracker #4656: Drop Ruby 1.8 support added