| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
66824
|
Mon May 17 04:19:29 2010 |
 | John Rouillard | rouilj+elog@cs.umb.edu | Bug report | Linux | Other | 2.7.8 | Re: elogd -C failing to sync password file with "Received invalid response from elogd server" message |
| John Rouillard wrote: |
I think I kind of see what's happening here. In is_command_allowed you add the GetPwdFile to the list of
allowed command but only if is_admin_user is true. Since the user is guest at that point, I assume
is_admin_user returns false making is_command_allowed return false. Then the redirect is attempted by this
code sequence:
if (!is_command_allowed(lbs, command)) {
/* redirect to login page for new command */
if (strieq(command, loc("New")) && !isparam("unm")) {
check_user_password(lbs, "", "", _cmdline);
return;
}
but to me that looks like it will execute only if the command contains the word new
(or it's translated equivalent if I understand loc() properly)?? Since the command string
GetPwdFile doesn't match no login screen is presented by check_user_password.
|
The attached patch (also included inline) seems to fix the problem. I am sure it can be done more cleanly but...
--- elogd.c~ 2009-12-02 05:53:44.000000000 -0500
+++ elogd.c 2010-05-16 21:58:14.000000000 -0400
@@ -26236,6 +26236,10 @@
check_user_password(lbs, "", "", _cmdline);
return;
}
+ if (strieq(command, loc("GetPwdFile")) && !isparam("unm")) {
+ check_user_password(lbs, "", "", _cmdline);
+ return;
+ }
strencode2(str2, command, sizeof(str3));
sprintf(str, loc("Error: Command \"<b>%s</b>\" not allowed"), str2);
-- rouilj |
| Attachment 1: elog_GetPwdFile_diff.patch
|
--- elogd.c~ 2009-12-02 05:53:44.000000000 -0500
+++ elogd.c 2010-05-16 21:58:14.000000000 -0400
@@ -26236,6 +26236,10 @@
check_user_password(lbs, "", "", _cmdline);
return;
}
+ if (strieq(command, loc("GetPwdFile")) && !isparam("unm")) {
+ check_user_password(lbs, "", "", _cmdline);
+ return;
+ }
strencode2(str2, command, sizeof(str3));
sprintf(str, loc("Error: Command \"<b>%s</b>\" not allowed"), str2);
|
|
66827
|
Tue May 18 21:17:35 2010 |
| John Rouillard | rouilj+elog@cs.umb.edu | Bug report | Linux | Other | 2.7.8 | Re: elogd -C failing to sync password file with "Received invalid response from elogd server" message |
| Stefan Ritt wrote: |
Ok, now I got it! The problem was that you used "Guest menu commands = ..." and I did not. So the behavior is different with that option, which is why I could not reproduce your problem initially. Now I could reproduce it and the cleanest fix is this:
--- elogd.c (revision 2294)
+++ elogd.c (working copy)
@@ -15704,7 +15704,7 @@
fgets(pwd, sizeof(pwd), stdin);
while (pwd[strlen(pwd) - 1] == '\n' || pwd[strlen(pwd) - 1] == '\r')
pwd[strlen(pwd) - 1] = 0;
- } else if (status != 200 && status != 302) {
+ } else if (status != 200 && status != 302 && status != 404) {
xfree(buffer);
*strchr(str, '?') = 0;
which is just accept the 404 response and not abort the cloning process. |
Yup. My settings are:
Guest menu commands = List, Last 10, Find, Login, Help
Guest List Menu commands = List, Last 10, Find, Login, Help
Ok, so this patch fixes the problem on the client side (rather than the server side like my patch) of the
cloning process. I can't tell from the patch above but will this fix allow the cloning process to "complete"
but without the password file being copied, or does code outside the patched section try to login and get
the password file?
-- rouilj |
|
66829
|
Thu May 20 03:37:59 2010 |
| John Rouillard | rouilj+elog@cs.umb.edu | Bug report | Linux | Other | 2.7.8 | Re: elogd -C failing to sync password file with "Received invalid response from elogd server" message |
| Stefan Ritt wrote: |
| John Rouillard wrote: | Ok, so this patch fixes the problem on the client side (rather than the server side like my patch) of the
cloning process. I can't tell from the patch above but will this fix allow the cloning process to "complete"
but without the password file being copied, or does code outside the patched section try to login and get
the password file? |
Well, why don't you give it a try and let me know if the is any problem left? |
Sorry to report that it fails same as originally with:
Received invalid response from elogd server at http://example.org:8080/Discussion/
However there was a fuzz of 12 lines when I applied the patch, but I think it got the right line.
-- rouilj |
|
66847
|
Sat Jun 12 05:55:39 2010 |
| John Rouillard | rouilj+elog@cs.umb.edu | Bug report | Linux | Other | 2.7.8 | Re: elogd -C failing to sync password file with "Received invalid response from elogd server" message |
I pulled svn revision 2299 from svn and built it on both server and client side. It is working
properly now.
Thanks for the patch.
-- rouilj |
|
67029
|
Mon Mar 21 02:40:31 2011 |
 | John Rouillard | rouilj+elog@cs.umb.edu | Request | Windows | 2.90 | http://midas.psi.ch/elog/download/windows/ doesn't have the latest 2.90 release |
It looks like the newest windows release of elog at
http://midas.psi.ch/elog/download/windows/ is 2.81.
elog281-1.exe 23-Dec-2010 11:42 3.1M
elog-latest.exe 23-Dec-2010 11:42 3.1M
Can you post the 2.90 release.
Thanks.
-- rouilj |
|
67044
|
Sun Apr 10 01:49:01 2011 |
 | John Rouillard | rouilj+elog@cs.umb.edu | Bug report | Linux | 2.9.0 | Elog 2.9.0 buffer overflow crash bug ubuntu linux |
When running openvas (a nessus fork) against elog 2.9.0 I provoked the following crash:
Apr 9 17:32:06 unixland elogd[1300]: POST / HTTP/1.0#015#012Host: unixland.home
#015#012Content-Length: -800#015#012#015#012XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Apr 9 17:32:06 unixland kernel: [664894.491242] elogd[1300]: segfault at b7713d
2e ip 080b6956 sp bf8d5ea0 error 4 in elogd[8048000+96000]
openvas reports that it was testing for CVE-2002-1212 when the crash occurred.
Startup info:
Apr 9 19:35:54 unixland elogd[21584]: elogd 2.9.0 built Apr 9 2011, 17:49:08
Apr 9 19:35:54 unixland elogd[21584]: revision 2411
-- rouilj |
|
66579
|
Fri Nov 6 12:49:22 2009 |
| Fabio Rossi | rossi.f@inwind.it | Question | Linux | 2.7.7.1 | width of the Text column in the summary list view |
I have "Summary lines = 1" in the config file. The first line visualized in the summary list, in the Text column, is truncated. I'm using the default style.
Which is the way to set the number of character displayed? |
|
66581
|
Fri Nov 6 18:08:20 2009 |
| Fabio Rossi | rossi.f@inwind.it | Question | Linux | 2.7.7.1 | Re: width of the Text column in the summary list view |
| Stefan Ritt wrote: |
|
| Fabio Rossi wrote: |
|
I have "Summary lines = 1" in the config file. The first line visualized in the summary list, in the Text column, is truncated. I'm using the default style.
Which is the way to set the number of character displayed?
|
I added a new parameter
Summary line length = x
for you. This is included in SVN revision 2262 (if you can compile it yourself) and will be contained in the next release.
|
I have already tested your patch backporting the change to 2.7.7.1. It works like a charm.
Thank you very much! |