Bugzilla crashes when the shutdownhtml parameter is set and using a non-cookie based authentication method

RESOLVED FIXED in Bugzilla 4.2

Status

()

Bugzilla
Administration
RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: Albert Ting, Assigned: Frédéric Buclin)

Tracking

4.0.3
Bugzilla 4.2
Bug Flags:
approval +
approval4.4 +
blocking4.4.2 +
approval4.2 +
blocking4.2.8 +

Details

Attachments

(2 attachments, 1 obsolete attachment)

(Reporter)

Description

5 years ago
Created attachment 617623 [details] [diff] [review]
v1

I'm using LDAP authentication for a couple years and each time I set the "shutdown" admin parameter, the bugzilla home page returns an internal error message, "Undef to trick_taint".  The failed line is trick_taint($login_cookie) in Bugzilla::Auth::Persist::logout.

I thought it was my custom setup but doing some inspections, I don't have any login cookies as I'm using LDAP, hence $login_cookie is always undef.

Attached was a cheap fix that solved my issue.
(Assignee)

Updated

5 years ago
Attachment #617623 - Attachment is patch: true
(Assignee)

Updated

4 years ago
Duplicate of this bug: 943562
(Assignee)

Updated

4 years ago
OS: Windows 7 → All
Hardware: x86 → All
Target Milestone: --- → Bugzilla 4.4

Updated

4 years ago
Assignee: administration → dkl
Status: NEW → ASSIGNED
(Assignee)

Comment 2

4 years ago
Let's mark it as a blocker as we need to address bug 893195 comment 27 and 28 anyway.
Flags: blocking4.4.2+
(Assignee)

Comment 3

4 years ago
The problem is reproducible not only with LDAP but also when using ENV, i.e. that all non-cookie based authentication methods are affected.
Assignee: dkl → LpSolit
Summary: undef login_cookie when shutting down Bugzilla via ldap authentication → Bugzilla crashes when the shutdownhtml parameter is set and using a non-cookie based authentication method
(Assignee)

Comment 4

4 years ago
Created attachment 8344182 [details] [diff] [review]
patch for trunk, v1

As said in bug 893195 comment 28, we cannot return early if no cookies are available, because we still have to clear data from the DB if $type == LOGOUT_KEEP_CURRENT.
Attachment #8344182 - Flags: review?(dkl)
(Assignee)

Comment 5

4 years ago
Created attachment 8344185 [details] [diff] [review]
patch for 4.x

This patch works with all Bugzilla 4.x installations (in case we want it for 4.2 too).
Attachment #617623 - Attachment is obsolete: true
Attachment #8344185 - Flags: review?(dkl)
4.2 branch rules say "security, crash, data loss, and selected critical fixes only"

This counts as a crash, so it qualifies.
Flags: blocking4.2.8+
(Assignee)

Updated

4 years ago
Target Milestone: Bugzilla 4.4 → Bugzilla 4.2
Comment on attachment 8344185 [details] [diff] [review]
patch for 4.x

Review of attachment 8344185 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8344185 - Flags: review?(dkl) → review+
Comment on attachment 8344182 [details] [diff] [review]
patch for trunk, v1

Review of attachment 8344182 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8344182 - Flags: review?(dkl) → review+

Updated

4 years ago
Flags: approval?
Flags: approval4.4?
Flags: approval4.2?
Flags: approval?
Flags: approval4.4?
Flags: approval4.4+
Flags: approval4.2?
Flags: approval4.2+
Flags: approval+
(Assignee)

Comment 9

4 years ago
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified Bugzilla.pm
modified Bugzilla/Auth/Persist/Cookie.pm
Committed revision 8836.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.4/
modified Bugzilla/Auth/Persist/Cookie.pm
Committed revision 8643.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.2/
modified Bugzilla/Auth/Persist/Cookie.pm
Committed revision 8242.
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
(Assignee)

Comment 10

4 years ago
Added to relnotes for 4.4.2.
You need to log in before you can comment on or make changes to this bug.