Issue #3178: No input validation for garbage entry on tps-token-add cli - dogtagpki

dogtagpki

#3178 No input validation for garbage entry on tps-token-add cli

Closed: migrated 3 years ago by dmoluguw. Opened 3 years ago by dmoluguw.

Description of problem:

No input validation for garbage entry on tps-token-add cli

Version-Release number of selected component (if applicable):

# rpm -qi pki-tps
Name        : pki-tps
Version     : 10.8.3
Release     : 1.module+el8pki+5935+02cf7b8d
Architecture: x86_64
Install Date: Friday 29 May 2020 06:10:18 AM EDT
Group       : Unspecified
Size        : 1852713
License     : GPLv2 and LGPLv2
Signature   : RSA/SHA256, Wednesday 04 March 2020 12:35:59 PM EST, Key ID 199e2f91fd431d51
Source RPM  : pki-extras-10.8.3-1.module+el8pki+5935+02cf7b8d.src.rpm

How reproducible:

Always

Steps to Reproduce:

1. Install CA and there subsystem
2.
# pki -p 25443 -d nssdb/ -c SECret.123 -n "PKI TPS Administrator for Example.Org" tps-token-add "A#$!#@$!@$$%@#$%$#@%$#@%" 
-----------------------------------
Added token "A##@@39766%@#$%0@%0@%"
-----------------------------------
  Token ID: A##@@39766%@#$%0@%0@%
  Status: UNFORMATTED
  Next States: DAMAGED, PERM_LOST
  Date Created: Wed Jun 03 02:55:28 EDT 2020

Debug log :
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: Authenticating certificate chain:
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: - CN=PKI Administrator, EMAILADDRESS=tpsadmin@example.com, OU=topology-02-TPS, O=topology-02_Foobarmaster.org
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: CertUserDBAuthentication: UID tpsadmin authenticated.
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: User ID: tpsadmin
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: UGSubsystem: retrieving user uid=tpsadmin,ou=People,o=topology-02-TPS-TPS
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: User DN: uid=tpsadmin,ou=People,o=topology-02-TPS-TPS
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: Roles:
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: - TPS Agents
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: - Administrators
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: - TPS Operators
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: AAclAuthz: Granting login permission for certServer.tps.account
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: Creating session 5EBCEEA2E3FD4301E1DEFAEF47D83FE4
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: Principal:
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: - ID: tpsadmin
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: - Full Name: tpsadmin
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: - Email: tpsadmin@example.com
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO: - Roles:
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO:   - Administrators
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO:   - TPS Agents
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-2] INFO:   - TPS Operators
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-3] INFO: UGSubsystem: retrieving user uid=tpsadmin,ou=People,o=topology-02-TPS-TPS
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-3] INFO: AAclAuthz: Granting add permission for certServer.tps.tokens
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-4] INFO: AAclAuthz: Granting logout permission for certServer.tps.account
2020-06-03 02:58:10 [https-jsse-nio-25443-exec-4] INFO: Destroying session 5EBCEEA2E3FD4301E1DEFAEF47D83FE4

Actual results:

tps-token-add cli accept all the garbage entry

Expected results:

There should be a filter for garbage input value

Additional info:

Metadata Update from @dmoluguw:
- Custom field component adjusted to None
- Custom field feature adjusted to None
- Custom field origin adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1843428
- Custom field type adjusted to None
- Custom field version adjusted to None

3 years ago

dmoluguw commented 3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/3295

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

None

lowhangingfruit

None

reporter

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1843428

type

None

version

None

keywords

None

estimate

None

feature

None

origin

None

proposedpriority

None

fixedinversion

None

platforms

None

blockedby

None

blocking

None

reviewer

None

component

None

proposedmilestone

None

dogtagpki

Source Code

#3178 No input validation for garbage entry on tps-token-add cli Closed: migrated 3 years ago by dmoluguw. Opened 3 years ago by dmoluguw.

Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Metadata

#3178 No input validation for garbage entry on tps-token-add cli

Closed: migrated 3 years ago by dmoluguw. Opened 3 years ago by dmoluguw.