Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1:kernel-2.6.32
xen
20174-pygrub-security.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 20174-pygrub-security.patch of Package xen
# HG changeset patch # User Keir Fraser <keir.fraser@citrix.com> # Date 1252327855 -3600 # Node ID a28c9c2fa8de05ebd0284f578289e96d2d15d574 # Parent b81e375e03922cd72d6e1404bc62a05059a4fe61 pygrub: trap exception when python module import fails Fix the issue when importing 'crypt' module or crypt.crypt fails in pygrub. The exception is written on the same line like "Failed!" message but only if there is an exception. If there is no exception, we don't bother users with details (probably the password they entered was wrong) so we just display "Failed!" message. Also, the code for hasPassword() was rewritten not to have try/except block here. Signed-off-by: Michal Novotny <minovotn@redhat.com> Index: xen-3.3.1-testing/tools/pygrub/src/GrubConf.py =================================================================== --- xen-3.3.1-testing.orig/tools/pygrub/src/GrubConf.py +++ xen-3.3.1-testing/tools/pygrub/src/GrubConf.py @@ -158,6 +158,7 @@ class GrubConfigFile(object): self.timeout = -1 self._default = 0 self.passwordAccess = True + self.passExc = None if fn is not None: self.parse() @@ -197,7 +198,6 @@ class GrubConfigFile(object): if self.commands.has_key(com): if self.commands[com] is not None: setattr(self, self.commands[com], arg.strip()) - #print "%s = %s => %s" % (com, self.commands[com], arg.strip() ) else: logging.info("Ignored directive %s" %(com,)) else: @@ -216,25 +216,28 @@ class GrubConfigFile(object): self.passwordAccess = val def hasPassword(self): - try: - getattr(self, self.commands['password']) - return True - except: - return False + return hasattr(self, 'password') def checkPassword(self, password): - try: - pwd = getattr(self, self.commands['password']).split() - if pwd[0] == '--md5': + # Always allow if no password defined in grub.conf + if not self.hasPassword: + return True + + # If we're here, we're having 'password' attribute set + pwd = getattr(self, 'password').split() + + # We check whether password is in MD5 hash for comparison + if pwd[0] == '--md5': + try: import crypt if crypt.crypt(password, pwd[1]) == pwd[1]: return True + except Exception, e: + self.passExc = "Can't verify password: %s" % str(e) + return False - if pwd[0] == password: - return True - - return False - except: + # ... and if not, we compare it as a plain text + if pwd[0] == password: return True def set(self, line): Index: xen-3.3.1-testing/tools/pygrub/src/pygrub =================================================================== --- xen-3.3.1-testing.orig/tools/pygrub/src/pygrub +++ xen-3.3.1-testing/tools/pygrub/src/pygrub @@ -479,7 +479,11 @@ class Grub: pwd = self.text_win.getstr(6, 8) if not self.cf.checkPassword(pwd): self.text_win.addstr(6, 1, "Password: ") - self.text_win.addstr(7, 0, "Failed!") + if self.cf.passExc is not None: + self.text_win.addstr(7, 0, "Exception: %s" + % self.cf.passExc) + else: + self.text_win.addstr(7, 0, "Failed!") self.cf.setPasswordAccess( False ) else: self.cf.setPasswordAccess( True )
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor