Bugzilla crashes when the shutdownhtml parameter is set and using a non-cookie based authentication method

RESOLVED FIXED in Bugzilla 4.2

Status

()

task
RESOLVED FIXED
7 years ago
5 years ago

People

(Reporter: altlist, Assigned: LpSolit)

Tracking

4.0.3
Bugzilla 4.2
Bug Flags:
approval +
approval4.4 +
blocking4.4.2 +
approval4.2 +
blocking4.2.8 +

Details

Attachments

(2 attachments, 1 obsolete attachment)

(Reporter)

Description

7 years ago
Posted patch v1 (obsolete) — Splinter Review
I'm using LDAP authentication for a couple years and each time I set the "shutdown" admin parameter, the bugzilla home page returns an internal error message, "Undef to trick_taint".  The failed line is trick_taint($login_cookie) in Bugzilla::Auth::Persist::logout.

I thought it was my custom setup but doing some inspections, I don't have any login cookies as I'm using LDAP, hence $login_cookie is always undef.

Attached was a cheap fix that solved my issue.
(Assignee)

Updated

7 years ago
Attachment #617623 - Attachment is patch: true
(Assignee)

Updated

6 years ago
Duplicate of this bug: 943562
(Assignee)

Updated

6 years ago
OS: Windows 7 → All
Hardware: x86 → All
Target Milestone: --- → Bugzilla 4.4
Assignee: administration → dkl
Status: NEW → ASSIGNED
(Assignee)

Comment 2

6 years ago
Let's mark it as a blocker as we need to address bug 893195 comment 27 and 28 anyway.
Flags: blocking4.4.2+
(Assignee)

Comment 3

5 years ago
The problem is reproducible not only with LDAP but also when using ENV, i.e. that all non-cookie based authentication methods are affected.
Assignee: dkl → LpSolit
Summary: undef login_cookie when shutting down Bugzilla via ldap authentication → Bugzilla crashes when the shutdownhtml parameter is set and using a non-cookie based authentication method
(Assignee)

Comment 4

5 years ago
As said in bug 893195 comment 28, we cannot return early if no cookies are available, because we still have to clear data from the DB if $type == LOGOUT_KEEP_CURRENT.
Attachment #8344182 - Flags: review?(dkl)
(Assignee)

Comment 5

5 years ago
Posted patch patch for 4.xSplinter Review
This patch works with all Bugzilla 4.x installations (in case we want it for 4.2 too).
Attachment #617623 - Attachment is obsolete: true
Attachment #8344185 - Flags: review?(dkl)
4.2 branch rules say "security, crash, data loss, and selected critical fixes only"

This counts as a crash, so it qualifies.
Flags: blocking4.2.8+
(Assignee)

Updated

5 years ago
Target Milestone: Bugzilla 4.4 → Bugzilla 4.2
Comment on attachment 8344185 [details] [diff] [review]
patch for 4.x

Review of attachment 8344185 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8344185 - Flags: review?(dkl) → review+
Comment on attachment 8344182 [details] [diff] [review]
patch for trunk, v1

Review of attachment 8344182 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8344182 - Flags: review?(dkl) → review+
Flags: approval?
Flags: approval4.4?
Flags: approval4.2?
Flags: approval?
Flags: approval4.4?
Flags: approval4.4+
Flags: approval4.2?
Flags: approval4.2+
Flags: approval+
(Assignee)

Comment 9

5 years ago
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified Bugzilla.pm
modified Bugzilla/Auth/Persist/Cookie.pm
Committed revision 8836.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.4/
modified Bugzilla/Auth/Persist/Cookie.pm
Committed revision 8643.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.2/
modified Bugzilla/Auth/Persist/Cookie.pm
Committed revision 8242.
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
(Assignee)

Comment 10

5 years ago
Added to relnotes for 4.4.2.
You need to log in before you can comment on or make changes to this bug.