View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0002358 | SOGo | Backend General | public | 2013-06-27 15:36 | 2013-10-07 14:45 |
Reporter | cnaumer | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | reopened | ||
Product Version | 2.0.5a | ||||
Target Version | 2.1.0 | Fixed in Version | 2.1.0 | ||
Summary | 0002358: sogo crashes if a user has special characters in password | ||||
Description | User changed his password, now containing a § in ldap. Sogo crashed each time he types in his password. (log see below) | ||||
Additional Information | Jun 26 12:13:49 sogod [14803]: <0x0x7f07f60fdf48[WOWatchDogChild]> 192.168.0.137 - - [26/Jun/2013:12:13:49 GMT] "OPTIONS | ||||
Tags | No tags attached. | ||||
I've just tried it with the "§ogo" password for a test user and it works for me. Set that password to a test user and send me the ldif entry including the userPassword. |
|
Here is the ldif: In the Webinterface I get login failed wrong password. The crash I described only happens in Thunderbird. I still need to test this with this new user. Error log: |
|
Will test in TB and report back. |
|
OK, tried with TB under Linux and I can reproduce it: Here is what I see in the logs: |
|
Here is the SOGoUserSources part of our config: SOGoUserSources = ( |
|
Can you get a pcap on 127.0.0.1:20000 when doing this request? I'd like to see the actual payload that crashes sogo. I haven't been able to reproduce this issue here with the ldif you provided, in fact I can't bind with the password '§sogo' (or §ogo) |
|
Will try and get back to you. Might take a while. The password by the way is §sogo and it is in an MD5-Crypt hash. We are using 389-Directory server. If you can't reproduce it I think it might be related to LDAP. We will see. |
|
2013-09-11 06:50
|
|
attached the tcpflow output. Command was: |
|
Ok, it looks like Thunderbird is sending the password in the iso8859-1 encoding, which is causing some issues in sope (double free + crash). I'll see what we can do about that. |
|
This should be fixed now: https://github.com/inverse-inc/sope/commit/dbf040d834cd6d49d3d8d98640d7c0fc12415e5a Do you have a test environment where you could test the next nightly builds? |
|
We use Centos6. Haven't got a test environment but SOGo is running on a VM so I'll be able to test at off-hours. I'll be able to test in the last week of September. Thanks |
|
I'll close the bug for now since I believe it is fixed. Reopen if needed after testing. |
|
Tried it with a test VM and the crash is gone. However I still can't login. You said before that you couldn't reproduce the crash but couldn't login using the LDIF and the password §sogo. This is the situation I have now. If you need more info let me know. |
|
OK. Solved the problem. It was in the software I used for setting the password. Sorry. So this is solved now. |
|
Was it setting the password using latin1 (iso8859-1) encoding before using crypt on it? |
|
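The encoding mismatch discussed in the notes above, as an added example (not sope's code and not the change in the linked commit): `§` is the single byte 0xA7 in ISO-8859-1 but 0xC2 0xA7 in UTF-8, so a lone 0xA7 is not valid UTF-8 and a strict decoder rejects it. The helper names are hypothetical, and treating non-UTF-8 input as ISO-8859-1 is an assumption based on what this thread observed.

```c
#include <stdlib.h>
#include <string.h>

/* Strict UTF-8 check: rejects stray continuation bytes, truncation, overlongs, surrogates. */
static int is_valid_utf8(const unsigned char *s, size_t len) {
    for (size_t i = 0; i < len; ) {
        unsigned int cp, min;
        size_t n;
        if (s[i] < 0x80) { i++; continue; }
        if ((s[i] & 0xE0) == 0xC0)      { n = 1; cp = s[i] & 0x1F; min = 0x80; }
        else if ((s[i] & 0xF0) == 0xE0) { n = 2; cp = s[i] & 0x0F; min = 0x800; }
        else if ((s[i] & 0xF8) == 0xF0) { n = 3; cp = s[i] & 0x07; min = 0x10000; }
        else return 0;                      /* e.g. a lone 0xA7, Latin-1 for § */
        if (len - i <= n) return 0;         /* sequence cut short */
        for (size_t k = 1; k <= n; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += n + 1;
    }
    return 1;
}

/* Hypothetical helper: returns a freshly allocated, NUL-terminated UTF-8 copy of the
   credential bytes. Valid UTF-8 is copied as is; anything else is assumed to be
   ISO-8859-1 and transcoded. One allocation, one owner: the caller frees it once. */
char *credential_to_utf8(const unsigned char *in, size_t len) {
    char *out = malloc(2 * len + 1);   /* a Latin-1 byte grows to at most 2 bytes */
    size_t o = 0;
    if (!out) return NULL;
    if (is_valid_utf8(in, len)) {
        memcpy(out, in, len);
        o = len;
    } else {
        for (size_t i = 0; i < len; i++) {
            if (in[i] < 0x80) { out[o++] = (char)in[i]; continue; }
            out[o++] = (char)(0xC0 | (in[i] >> 6));
            out[o++] = (char)(0x80 | (in[i] & 0x3F));
        }
    }
    out[o] = '\0';
    return out;
}
```

Normalizing the bytes a client sends only helps the bind succeed if the stored hash was computed over the UTF-8 form; a hash made from the Latin-1 bytes will still not match the normalized input.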
Date Modified | Username | Field | Change |
---|---|---|---|
2013-06-27 15:36 | cnaumer | New Issue | |
2013-08-09 13:29 | ludovic | Note Added: 0005807 | |
2013-08-09 13:29 | ludovic | Severity | crash => minor |
2013-08-09 13:44 | cnaumer | Note Added: 0005810 | |
2013-08-09 13:44 | cnaumer | Note Added: 0005811 | |
2013-08-12 06:36 | cnaumer | Note Added: 0005880 | |
2013-08-12 06:39 | cnaumer | Note Added: 0005881 | |
2013-08-12 12:51 | ludovic | Target Version | => 2.1.0 |
2013-09-10 18:24 | | Note Added: 0005967 | |
2013-09-11 06:27 | cnaumer | Note Added: 0005968 | |
2013-09-11 06:50 | cnaumer | File Added: sogo.dump | |
2013-09-11 06:51 | cnaumer | Note Added: 0005969 | |
2013-09-11 14:52 | | Note Added: 0005974 | |
2013-09-12 13:38 | | Note Added: 0005977 | |
2013-09-12 13:39 | | Assigned To | => jraby |
2013-09-12 13:39 | | Status | new => feedback |
2013-09-13 06:52 | cnaumer | Note Added: 0005993 | |
2013-09-17 13:18 | | Note Added: 0006014 | |
2013-09-17 13:18 | | Status | feedback => resolved |
2013-09-17 13:18 | | Fixed in Version | => 2.1.0 |
2013-09-30 18:46 | cnaumer | Note Added: 0006078 | |
2013-09-30 18:46 | cnaumer | Status | resolved => feedback |
2013-09-30 18:46 | cnaumer | Resolution | open => reopened |
2013-10-07 14:32 | cnaumer | Note Added: 0006085 | |
2013-10-07 14:32 | cnaumer | Status | feedback => assigned |
2013-10-07 14:45 | | Note Added: 0006086 | |
2013-10-07 14:45 | | Status | assigned => resolved |