Discussion forum about ELOG, Page 373 of 808
    Re: elogd -C failing to sync password file with "Received invalid response from elogd server" message, posted by John Rouillard on Mon May 17 04:19:29 2010 (attachment: elog_GetPwdFile_diff.patch)

John Rouillard wrote:

I think I kind of see what's happening here. In is_command_allowed you add GetPwdFile to the list of
allowed commands, but only if is_admin_user is true. Since the user is guest at that point, I assume
is_admin_user returns false making is_command_allowed return false. Then the redirect is attempted by this
code sequence:
  if (!is_command_allowed(lbs, command)) {
      /* redirect to login page for new command */
      if (strieq(command, loc("New")) && !isparam("unm")) {
         check_user_password(lbs, "", "", _cmdline);
         return;
      }
but to me that looks like it will execute only if the command contains the word new
(or its translated equivalent if I understand loc() properly)?? Since the command string
GetPwdFile doesn't match, no login screen is presented by check_user_password.


The attached patch (also included inline) seems to fix the problem. I am sure it can be done more cleanly but...
--- elogd.c~    2009-12-02 05:53:44.000000000 -0500
+++ elogd.c     2010-05-16 21:58:14.000000000 -0400
@@ -26236,6 +26236,10 @@
          check_user_password(lbs, "", "", _cmdline);
          return;
       }
+      if (strieq(command, loc("GetPwdFile")) && !isparam("unm")) {
+         check_user_password(lbs, "", "", _cmdline);
+         return;
+      }
 
       strencode2(str2, command, sizeof(str3));
       sprintf(str, loc("Error: Command \"<b>%s</b>\" not allowed"), str2);
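
Review bot: The added `GetPwdFile` branch repeats the `New` branch above it line for line, so the two conditions can share one body, e.g. `if ((strieq(command, loc("New")) || strieq(command, loc("GetPwdFile"))) && !isparam("unm"))`. Also check whether `loc()` belongs here: if the cloning client sends the literal string `GetPwdFile`, comparing against a translated string would miss on a non-English server, and a plain `strieq(command, "GetPwdFile")` would be safer. Separately, the context line `strencode2(str2, command, sizeof(str3))` passes the size of `str3` for the destination `str2`; if those buffers differ in size this should be `sizeof(str2)`.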

-- rouilj
    Re: elogd -C failing to sync password file with "Received invalid response from elogd server" message, posted by John Rouillard on Tue May 18 21:17:35 2010

Stefan Ritt wrote:

Ok, now I got it! The problem was that you used "Guest menu commands = ..." and I did not. So the behavior is different with that option, which is why I could not reproduce your problem initially. Now I could reproduce it and the cleanest fix is this:
--- elogd.c     (revision 2294)
+++ elogd.c     (working copy)
@@ -15704,7 +15704,7 @@
          fgets(pwd, sizeof(pwd), stdin);
          while (pwd[strlen(pwd) - 1] == '\n' || pwd[strlen(pwd) - 1] == '\r')
             pwd[strlen(pwd) - 1] = 0;
-      } else if (status != 200 && status != 302) {
+      } else if (status != 200 && status != 302 && status != 404) {
          xfree(buffer);
          *strchr(str, '?') = 0;
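
Review bot: Adding `status != 404` to the `else if` means a 404 is no longer caught by this error branch and is treated like 200 and 302, so a genuinely missing resource is not reported either; handle 404 in its own branch that records that the password file was not retrieved, and add a comment saying why 404 is an expected response here. In the context lines, `pwd[strlen(pwd) - 1]` indexes out of bounds when `pwd` is an empty string, the return value of `fgets` is not checked, and `*strchr(str, '?') = 0` dereferences NULL if `str` contains no `?`.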

which is to just accept the 404 response and not abort the cloning process.


Yup. My settings are:
Guest menu commands = List, Last 10, Find, Login, Help
Guest List Menu commands = List, Last 10, Find, Login, Help

Ok, so this patch fixes the problem on the client side (rather than the server side like my patch) of the
cloning process. I can't tell from the patch above but will this fix allow the cloning process to "complete"
but without the password file being copied, or does code outside the patched section try to login and get
the password file?

-- rouilj
    Re: elogd -C failing to sync password file with "Received invalid response from elogd server" message, posted by John Rouillard on Thu May 20 03:37:59 2010

Stefan Ritt wrote:

John Rouillard wrote:
Ok, so this patch fixes the problem on the client side (rather than the server side like my patch) of the
cloning process. I can't tell from the patch above but will this fix allow the cloning process to "complete"
but without the password file being copied, or does code outside the patched section try to login and get
the password file?


Well, why don't you give it a try and let me know if there is any problem left?


Sorry to report that it fails same as originally with:
  Received invalid response from elogd server at http://example.org:8080/Discussion/

However there was a fuzz of 12 lines when I applied the patch, but I think it got the right line.

-- rouilj
    Re: elogd -C failing to sync password file with "Received invalid response from elogd server" message, posted by John Rouillard on Sat Jun 12 05:55:39 2010

John Rouillard wrote:

Sorry to report that it fails same as originally with:
  Received invalid response from elogd server at http://example.org:8080/Discussion/


I pulled svn revision 2299 from svn and built it on both server and client side. It is working
properly now.

Thanks for the patch.

-- rouilj
http://midas.psi.ch/elog/download/windows/ doesn't have the latest 2.90 release, posted by John Rouillard on Mon Mar 21 02:40:31 2011
It looks like the newest windows release of elog at
http://midas.psi.ch/elog/download/windows/ is 2.81.

  elog281-1.exe	        23-Dec-2010 11:42 3.1M
  elog-latest.exe       23-Dec-2010 11:42 3.1M

Can you post the 2.90 release?

Thanks.

-- rouilj
Elog 2.9.0 buffer overflow crash bug ubuntu linux, posted by John Rouillard on Sun Apr 10 01:49:01 2011
When running openvas (a nessus fork) against elog 2.9.0 I provoked the following crash:

Apr  9 17:32:06 unixland elogd[1300]: POST / HTTP/1.0#015#012Host: unixland.home
#015#012Content-Length: -800#015#012#015#012XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Apr  9 17:32:06 unixland kernel: [664894.491242] elogd[1300]: segfault at b7713d
2e ip 080b6956 sp bf8d5ea0 error 4 in elogd[8048000+96000]

openvas reports that it was testing for CVE-2002-1212 when the crash occurred.

Startup info:

Apr  9 19:35:54 unixland elogd[21584]: elogd 2.9.0 built Apr  9 2011, 17:49:08 
Apr  9 19:35:54 unixland elogd[21584]: revision 2411

-- rouilj
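
The request in the log above carries `Content-Length: -800`. As an added example (not elogd's code and not part of the original post), here is one way a server can validate that header before using it as a size; `parse_content_length`, `has_prefix_ci`, `cl_status` and `MAX_BODY` are hypothetical names, and the 10 MiB cap is an assumed limit.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#define MAX_BODY (10UL * 1024 * 1024)   /* assumed cap on accepted body size */

enum cl_status { CL_OK, CL_MISSING, CL_MALFORMED, CL_TOO_LARGE };

/* Case-insensitive prefix match; stops safely at the end of s. */
static int has_prefix_ci(const char *s, const char *prefix)
{
   for (; *prefix; s++, prefix++)
      if (tolower((unsigned char) *s) != tolower((unsigned char) *prefix))
         return 0;
   return 1;
}

/* Hypothetical helper: strict Content-Length parse (digits only, bounded). */
enum cl_status parse_content_length(const char *head, size_t *len_out)
{
   static const char name[] = "Content-Length:";
   const char *p = head;
   char *end;
   unsigned long v;
   for (;;) {
      if (p[0] == '\0' || (p[0] == '\r' && p[1] == '\n'))
         return CL_MISSING;             /* reached the end of the headers */
      if (has_prefix_ci(p, name))
         break;
      if ((p = strstr(p, "\r\n")) == NULL)
         return CL_MISSING;
      p += 2;                           /* start of the next header line */
   }
   for (p += sizeof(name) - 1; *p == ' ' || *p == '\t'; p++)
      ;
   /* strtoul() accepts "-800" and wraps it to a huge value: require a digit. */
   if (!isdigit((unsigned char) *p))
      return CL_MALFORMED;
   errno = 0;
   v = strtoul(p, &end, 10);
   if (errno == ERANGE || v > MAX_BODY)
      return CL_TOO_LARGE;
   while (*end == ' ' || *end == '\t')
      end++;
   if (*end != '\r' && *end != '\0')
      return CL_MALFORMED;
   *len_out = (size_t) v;
   return CL_OK;
}
```

A caller would reject the request on anything other than `CL_OK` and only then size its read buffer from the returned length.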
width of the Text column in the summary list view, posted by Fabio Rossi on Fri Nov 6 12:49:22 2009

I have "Summary lines = 1" in the config file. The first line visualized in the summary list, in the Text column, is truncated. I'm using the default style.

Which is the way to set the number of characters displayed?

    Re: width of the Text column in the summary list view, posted by Fabio Rossi on Fri Nov 6 18:08:20 2009

Stefan Ritt wrote:

Fabio Rossi wrote:

I have "Summary lines = 1" in the config file. The first line visualized in the summary list, in the Text column, is truncated. I'm using the default style.

Which is the way to set the number of characters displayed?

I added a new parameter

Summary line length = x

for you. This is included in SVN revision 2262 (if you can compile it yourself) and will be contained in the next release.

I have already tested your patch backporting the change to 2.7.7.1. It works like a charm.

Thank you very much!
