Issue #6150: `cert-find` crashes on invalid certificate data - freeipa

freeipa

#6150 `cert-find` crashes on invalid certificate data

Closed: Fixed None Opened 7 years ago by jcholast.

When cert-find comes in contact with an invalid certificate data (be it from command line or LDAP), it crashes with internal error:

$ ipa cert-find --certificate=bougscrt
ipa: ERROR: an internal error has occurred


[Mon Aug 01 09:44:26.024346 2016] [wsgi:error] [pid 121350] ipa: ERROR: non-public: NSPRError: (SEC_ERROR_LIBRARY_FAILURE) security library failure.
[Mon Aug 01 09:44:26.024383 2016] [wsgi:error] [pid 121350] Traceback (most recent call last):
[Mon Aug 01 09:44:26.024387 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 352, in wsgi_execute
[Mon Aug 01 09:44:26.024390 2016] [wsgi:error] [pid 121350]     result = self.Command[name](*args, **options)
[Mon Aug 01 09:44:26.024393 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__
[Mon Aug 01 09:44:26.024395 2016] [wsgi:error] [pid 121350]     return self.__do_call(*args, **options)
[Mon Aug 01 09:44:26.024398 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in __do_call
[Mon Aug 01 09:44:26.024400 2016] [wsgi:error] [pid 121350]     ret = self.run(*args, **options)
[Mon Aug 01 09:44:26.024403 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 797, in run
[Mon Aug 01 09:44:26.024405 2016] [wsgi:error] [pid 121350]     return self.execute(*args, **options)
[Mon Aug 01 09:44:26.024408 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/cert.py", line 1145, in execute
[Mon Aug 01 09:44:26.024410 2016] [wsgi:error] [pid 121350]     self.obj._parse(obj)
[Mon Aug 01 09:44:26.024412 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/cert.py", line 299, in _parse
[Mon Aug 01 09:44:26.024415 2016] [wsgi:error] [pid 121350]     cert = x509.load_certificate(obj['certificate'])
[Mon Aug 01 09:44:26.024435 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipalib/x509.py", line 125, in load_certificate
[Mon Aug 01 09:44:26.024439 2016] [wsgi:error] [pid 121350]     return nss.Certificate(buffer(data))  # pylint: disable=buffer-builtin
[Mon Aug 01 09:44:26.024441 2016] [wsgi:error] [pid 121350] NSPRError: (SEC_ERROR_LIBRARY_FAILURE) security library failure.

Fix the command not to crash on invalid data.

pvoborni commented 7 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1366604

mbasti commented 7 years ago

master:

8ad0325 cert: do not crash on invalid data in cert-find

Metadata Update from @jcholast:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.4.1

7 years ago

Metadata

Assignee

jcholast

Tags

None

Blocking

None

Depending on

None

Priority

important

Milestone

FreeIPA 4.4.1

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1366604

tester

None

changelog

None

design

None

freeipa

Source Code

#6150 `cert-find` crashes on invalid certificate data Closed: Fixed None Opened 7 years ago by jcholast.

Metadata

#6150 `cert-find` crashes on invalid certificate data

Closed: Fixed None Opened 7 years ago by jcholast.