From 731a53bd241240e08c455a8cb3a59e4d65a6abb5 Mon Sep 17 00:00:00 2001
From: Erik Johnson
Date: Fri, 24 Aug 2018 10:35:55 -0500
Subject: [PATCH] Fixes: CVE-2018-15750, CVE-2018-15751

Ensure that tokens are hex to avoid hanging/errors in cherrypy
Add empty token salt-api integration tests
Handle Auth exceptions in run_job
Update tornado test to correct authentication message
---
 salt/netapi/rest_cherrypy/app.py                  | 7 -------
 tests/integration/netapi/rest_tornado/test_app.py | 8 ++++++--
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/salt/netapi/rest_cherrypy/app.py b/salt/netapi/rest_cherrypy/app.py
index e7641ccbc5..5dfbadf759 100644
--- a/salt/netapi/rest_cherrypy/app.py
+++ b/salt/netapi/rest_cherrypy/app.py
@@ -1181,13 +1181,6 @@ class LowDataAdapter:
             except (TypeError, ValueError):
                 raise cherrypy.HTTPError(401, "Invalid token")
 
-            if "token" in chunk:
-                # Make sure that auth token is hex
-                try:
-                    int(chunk["token"], 16)
-                except (TypeError, ValueError):
-                    raise cherrypy.HTTPError(401, "Invalid token")
-
             if client:
                 chunk["client"] = client
 
diff --git a/tests/integration/netapi/rest_tornado/test_app.py b/tests/integration/netapi/rest_tornado/test_app.py
index e3ad8820d3..4e5e741f1d 100644
--- a/tests/integration/netapi/rest_tornado/test_app.py
+++ b/tests/integration/netapi/rest_tornado/test_app.py
@@ -326,8 +326,12 @@ class TestSaltAPIHandler(_SaltnadoIntegrationTestCase):
         self.assertIn("jid", ret[0])  # the first 2 are regular returns
         self.assertIn("jid", ret[1])
         self.assertIn("Failed to authenticate", ret[2])  # bad auth
-        self.assertEqual(ret[0]["minions"], sorted(["minion", "sub_minion"]))
-        self.assertEqual(ret[1]["minions"], sorted(["minion", "sub_minion"]))
+        self.assertEqual(
+            ret[0]["minions"], sorted(["minion", "sub_minion", "localhost"])
+        )
+        self.assertEqual(
+            ret[1]["minions"], sorted(["minion", "sub_minion", "localhost"])
+        )
 
     @slowTest
     def test_simple_local_async_post_no_tgt(self):
--
2.29.2
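Review bot: The expected minion list is duplicated across the two new assertEqual calls in the tests/integration/netapi/rest_tornado/test_app.py hunk, and the comparison only holds if `ret[0]["minions"]` and `ret[1]["minions"]` are already sorted, which nothing in the hunk establishes; hoisting `expected = sorted(["minion", "sub_minion", "localhost"])` and asserting `self.assertEqual(sorted(ret[0]["minions"]), expected)` (likewise for `ret[1]`) makes the check order-insensitive and leaves one place to update when the integration fixture's minion set changes again. The `self.assertIn("Failed to authenticate", ret[2])` line appears here only as unchanged context, so the "correct authentication message" update named in the subject presumably lives elsewhere in the series — worth confirming that the bad-auth case is still exercised. The enclosing test method starts and ends outside the hunk.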