Item11443: CommentPlugin throws an oops that asserts with a taint error

Priority: Normal
Current State: Closed
Released In: 1.2.0
Target Release: n/a
Applies To: Extension
Component: CommentPlugin
Branches: Release01x01 trunk
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
As a non-admin, attempt to target a missing topic in the System web or some other web without write access. The oops is thrown by CommentPlugin/Comment.pm line 228, but for some reason it ends up corrupted, resulting in an assert error.

$web and $topic were not validated and untainted. Maybe some issues in the throw syntax. Fixed.

-- GeorgeClark - 15 Jan 2012

Web is not validated to exist. Need to throw an error if the target web does not exist.

-- GeorgeClark - 15 Jan 2012

[Sun Jan 15 00:39:49 2012] rest: Assertion (topic is tainted) failed!
[Sun Jan 15 00:39:49 2012] rest:  at /var/www/foswiki/trunk/core/lib/Assert.pm line 80
[Sun Jan 15 00:39:49 2012] rest:    Assert::ASSERT(undef, 'topic is tainted') called at /var/www/foswiki/trunk/core/lib/Foswiki/Meta.pm line 378
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::Meta::new('Foswiki::Meta', 'Foswiki=HASH(0x8569a38)', 'web', 'System') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI/Oops.pm line 125
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::Oops::oops('Foswiki=HASH(0x8569a38)', 'web', 'System', 'Foswiki::Request=HASH(0x85046d0)', 0) called at /var/www/foswiki/trunk/core/lib/Foswiki/OopsException.pm line 222
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::OopsException::generate('Foswiki::OopsException=HASH(0x8abf8a8)', 'Foswiki=HASH(0x8569a38)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 369
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::__ANON__('Foswiki::AccessControlException=HASH(0x8aec9e8)', 'SCALAR(0x8124b18)') called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 339
[Sun Jan 15 00:39:49 2012] rest:    eval {...} called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 329
[Sun Jan 15 00:39:49 2012] rest:    Error::subs::run_clauses('HASH(0x8569758)', 'Foswiki::AccessControlException=HASH(0x8aec9e8)', undef, 'ARRAY(0x8124ef8)') called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 426
[Sun Jan 15 00:39:49 2012] rest:    Error::subs::try('CODE(0x804e338)', 'HASH(0x8569758)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 435
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::_execute('Foswiki::Request=HASH(0x85046d0)', 'CODE(0x8504440)', 'rest', 1) called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 274
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x85046d0)') called at /var/www/foswiki/trunk/core/lib/Foswiki/Engine/CGI.pm line 41
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x81ff738)') called at rest line 29
[Sun Jan 15 00:39:49 2012] rest:  at /var/www/foswiki/trunk/core/lib/Assert.pm line 80
[Sun Jan 15 00:39:49 2012] rest:    Assert::ASSERT(undef, 'topic is tainted') called at /var/www/foswiki/trunk/core/lib/Foswiki/Meta.pm line 378
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::Meta::new('Foswiki::Meta', 'Foswiki=HASH(0x8569a38)', 'web', 'System') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI/Oops.pm line 125
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::Oops::oops('Foswiki=HASH(0x8569a38)', 'web', 'System', 'Foswiki::Request=HASH(0x85046d0)', 0) called at /var/www/foswiki/trunk/core/lib/Foswiki/OopsException.pm line 222
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::OopsException::generate('Foswiki::OopsException=HASH(0x8abf8a8)', 'Foswiki=HASH(0x8569a38)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 369
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::__ANON__('Foswiki::AccessControlException=HASH(0x8aec9e8)', 'SCALAR(0x8124b18)') called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 339
[Sun Jan 15 00:39:49 2012] rest:    eval {...} called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 329
[Sun Jan 15 00:39:49 2012] rest:    Error::subs::run_clauses('HASH(0x8569758)', 'Foswiki::AccessControlException=HASH(0x8aec9e8)', undef, 'ARRAY(0x8124ef8)') called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 426
[Sun Jan 15 00:39:49 2012] rest:    Error::subs::try('CODE(0x804e338)', 'HASH(0x8569758)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 435
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::_execute('Foswiki::Request=HASH(0x85046d0)', 'CODE(0x8504440)', 'rest', 1) called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 274
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x85046d0)') called at /var/www/foswiki/trunk/core/lib/Foswiki/Engine/CGI.pm line 41
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x81ff738)') called at rest line 29.
 at /usr/lib/perl5/vendor_perl/5.12.2/CGI/Carp.pm line 379
   CGI::Carp::realdie('[Sun Jan 15 00:39:49 2012] rest: Assertion (topic is tainted)...') called at /usr/lib/perl5/vendor_perl/5.12.2/CGI/Carp.pm line 475
   CGI::Carp::die('Error::Simple=HASH(0x8aece18)') called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 184
   Error::throw('Error::Simple=HASH(0x8aece18)') called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 436
   Error::subs::try('CODE(0x804e338)', 'HASH(0x8569758)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 435
   Foswiki::UI::_execute('Foswiki::Request=HASH(0x85046d0)', 'CODE(0x8504440)', 'rest', 1) called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 274
   Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x85046d0)') called at /var/www/foswiki/trunk/core/lib/Foswiki/Engine/CGI.pm line 41
   Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x81ff738)') called at rest line 29

Debug print in Oops shows that the parameters have been shifted somehow - $web is "web" and $topic is "System", but I have been unable to figure out where it happens.

With asserts disabled, the oops display shows the incorrect information:

Access Denied

Attention

Access check on web.System failed. Action "CHANGE": topic.

-- GeorgeClark - 15 Jan 2012
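The three comments above describe one fix pattern: validate and untaint $web and $topic before they reach code that asserts on taint, refuse a target web that does not exist, and pass the oops parameters in a form that cannot shift. The standalone Perl script below is added here to show that pattern; it is not CommentPlugin's or Foswiki's code. The %KNOWN_WEBS list, the simplified name regexes and the oops() helper are assumptions standing in for Foswiki's own checks.

```perl
# Run with: perl -T this_file.pl  (without -T, tainted() just reports 0)
use strict;
use warnings;
use Scalar::Util qw(tainted);
# Constructed stand-in for "does this web exist" (assumption).
my %KNOWN_WEBS = map { $_ => 1 } qw(Main Sandbox System);

# Untaint by regex capture: only a value matching the whole pattern is
# returned, and the captured copy is taint-free. Simplified patterns.
sub untaint_name {
    my ( $kind, $value ) = @_;
    return undef unless defined $value;
    my $re = $kind eq 'web'
        ? qr{^([A-Z][[:alnum:]_]*(?:/[A-Z][[:alnum:]_]*)*)$}    # subwebs allowed
        : qr{^([A-Z][[:alnum:]_]*)$};
    return $value =~ $re ? $1 : undef;
}

# Named parameters only: a positional call dies here instead of silently
# landing 'web' in the web slot and the web name in the topic slot.
sub oops {
    my %p = @_;
    for my $k (qw(template web topic)) {
        die "oops(): missing '$k' parameter\n" unless defined $p{$k};
    }
    return "oops/$p{template} on $p{web}.$p{topic}";
}

sub check_target {
    my ( $raw_web, $raw_topic ) = @_;
    my $web   = untaint_name( web   => $raw_web );
    my $topic = untaint_name( topic => $raw_topic );
    return oops( template => 'badname', web => '?', topic => '?' )
        unless defined $web && defined $topic;
    return oops( template => 'missingweb', web => $web, topic => $topic )
        unless $KNOWN_WEBS{$web};
    die "still tainted\n" if tainted($web) || tainted($topic);  # cannot happen after capture
    return "validated $web.$topic; proceed to the access check";
}

# Constructed inputs. Concatenating a tainted empty string taints each
# one, as a real REST request parameter would be under -T.
my $taint = substr( $ENV{PATH} // '', 0, 0 );
for my $t ( 'System.DoesNotExist', 'NoSuchWeb.WebHome', 'Sandbox.WebHome', '../etc.passwd' ) {
    my ( $w, $tp ) = split /\./, $taint . $t, 2;
    printf "%-20s tainted=%d -> %s\n", $t, tainted($w) ? 1 : 0, check_target( $w, $tp );
}
eval { oops( 'accessdenied', 'System', 'WebHome' ) };   # positional call: dies, nothing shifts
print "positional call: $@";
```

The last two lines reproduce the symptom from the trace in reverse: with named parameters a misordered throw fails immediately with a clear message rather than reaching Foswiki::Meta->new with "web" as the web name.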

Topic revision: r10 - 14 Oct 2012, GeorgeClark