Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon4.gif   Denial of access after failed import using invalid attributes, posted by soren poulsen on Wed Jun 17 03:46:31 2009 
    icon2.gif   Re: Denial of access after failed import using invalid attributes, posted by Stefan Ritt on Thu Jun 25 12:30:17 2009 
Message ID: 66418     Entry time: Thu Jun 25 12:30:17 2009     In reply to: 66400
Icon: Reply  Author: Stefan Ritt  Author Email: stefan.ritt@psi.ch 
Category: Request  OS: Linux  ELOG Version: 2.7.6 
Subject: Re: Denial of access after failed import using invalid attributes 

soren poulsen wrote:

Hi,

A user tried to import a CSV file, which caused e-log to add a field called "date" to the list of attributes (and then crash). This caused the log-book to be blocked until someone (guess who) would go edit the elogd.cfg file and then trigger a reload.

1. suggestion : E-log should not crash in this case

2. suggestion: E-log should not allow invalid attributes to be added via CSV Import, which causes the log-book to be blocked.

For the time being, I will just  "Deny import" (by the way, the doc says it is "Deny CSV import", but I think the syntax is "Deny import". Not really important.

I think this should be quite easy to reproduce.

Thanks a lot

Soren

If the CSV file contains a "date" column, elogd tries to interprete the date to the internal format. Now a date can be written in a huge number of variations, and I'm sure I did not cover all. So please send me your CSV file and I will fix the crash. 

ELOG V3.1.5-fe60aaf