pool/xen
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
acda484cb0
xen/20174-pygrub-security.patch
Charles Arnold 61f585cdc1 - Add patch ioemu-bdrv-open-CACHE_WB.patch 
for install guest on tapdisk very very slow.
 

- bnc#542525 - VUL-1: xen pygrub vulnerability
  20099-pygrub-security.patch
  20107-pygrub-security.patch
  20146-pygrub-security.patch
  20174-pygrub-security.patch
  20201-pygrub-security.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=22
2009-09-30 16:44:28 +00:00

96 lines
3.7 KiB
Diff
Raw Blame History

# HG changeset patch
# User Keir Fraser <keir.fraser@citrix.com>
# Date 1252327855 -3600
# Node ID a28c9c2fa8de05ebd0284f578289e96d2d15d574
# Parent b81e375e03922cd72d6e1404bc62a05059a4fe61
pygrub: trap exception when python module import fails
Fix the issue when importing 'crypt' module or crypt.crypt fails in
pygrub. The exception is written on the same line like "Failed!"
message but only if there is an exception. If there is no exception,
we don't bother users with details (probably the password they entered
was wrong) so we just display "Failed!" message. Also, the code for
hasPassword() was rewritten not to have try/except block here.
Signed-off-by: Michal Novotny <minovotn@redhat.com>
Index: xen-3.4.1-testing/tools/pygrub/src/GrubConf.py
===================================================================
--- xen-3.4.1-testing.orig/tools/pygrub/src/GrubConf.py
+++ xen-3.4.1-testing/tools/pygrub/src/GrubConf.py
@@ -158,6 +158,7 @@ class GrubConfigFile(object):
self.timeout = -1
self._default = 0
self.passwordAccess = True
+ self.passExc = None
if fn is not None:
self.parse()
@@ -197,7 +198,6 @@ class GrubConfigFile(object):
if self.commands.has_key(com):
if self.commands[com] is not None:
setattr(self, self.commands[com], arg.strip())
- #print "%s = %s => %s" % (com, self.commands[com], arg.strip() )
else:
logging.info("Ignored directive %s" %(com,))
else:
@@ -216,25 +216,28 @@ class GrubConfigFile(object):
self.passwordAccess = val
def hasPassword(self):
- try:
- getattr(self, self.commands['password'])
- return True
- except:
- return False
+ return hasattr(self, 'password')
def checkPassword(self, password):
- try:
- pwd = getattr(self, self.commands['password']).split()
- if pwd[0] == '--md5':
+ # Always allow if no password defined in grub.conf
+ if not self.hasPassword:
+ return True
+
+ # If we're here, we're having 'password' attribute set
+ pwd = getattr(self, 'password').split()
+
+ # We check whether password is in MD5 hash for comparison
+ if pwd[0] == '--md5':
+ try:
import crypt
if crypt.crypt(password, pwd[1]) == pwd[1]:
return True
+ except Exception, e:
+ self.passExc = "Can't verify password: %s" % str(e)
+ return False
- if pwd[0] == password:
- return True
-
- return False
- except:
+ # ... and if not, we compare it as a plain text
+ if pwd[0] == password:
return True
def set(self, line):
Index: xen-3.4.1-testing/tools/pygrub/src/pygrub
===================================================================
--- xen-3.4.1-testing.orig/tools/pygrub/src/pygrub
+++ xen-3.4.1-testing/tools/pygrub/src/pygrub
@@ -487,7 +487,11 @@ class Grub:
pwd = self.text_win.getstr(6, 8)
if not self.cf.checkPassword(pwd):
self.text_win.addstr(6, 1, "Password: ")
- self.text_win.addstr(7, 0, "Failed!")
+ if self.cf.passExc is not None:
+ self.text_win.addstr(7, 0, "Exception: %s"
+ % self.cf.passExc)
+ else:
+ self.text_win.addstr(7, 0, "Failed!")
self.cf.setPasswordAccess( False )
else:
self.cf.setPasswordAccess( True )
Reference in New Issue View Git Blame Copy Permalink