Mailinglist Archive: opensuse-bugs (6588 mails)

< Previous Next >
[Bug 1133924] osc python m2crypto ssl crash
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 30 Jul 2019 13:25:53 +0000
  • Message-id: <bug-1133924-21960-4tYlvCzIx9@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1133924
http://bugzilla.opensuse.org/show_bug.cgi?id=1133924#c9

--- Comment #9 from Marcus Hüwe <suse-tux@xxxxxx> ---
(In reply to Jan Engelhardt from comment #6)
The python2 variant also exhibits the same issue (crash near *--dst, or
dying with i2d_x509-ish error message)

Can you still reproduce the problem? I was able to reproduce it on sunday
on some old TW version (beginning of february). Yesterday, I dup'ed to the
latest TW version and I'm not able to reproduce it anymore. Also, I'm not
able to reproduce it with Leap 15.1:/

Can you still reproduce it? Does the following repro work for you?

mkdir tmp
cd tmp
# download repro.py
# from https://bugzilla.opensuse.org/show_bug.cgi?id=1133924
# into $PWD

git clone -b 0.165.2 https://github.com/openSUSE/osc.git

export MY_APIURL=<your_apiurl> # insert your apiurl here

sed -i "s|APIURL|$MY_APIURL|" repro.py
mkdir ~/.osc-plugins # unless it already exists
cp repro.py ~/.osc-plugins

# the following is vulnerable to MITM attacks - enter some
# fake credentials that will result in a 401
python2 osc/osc-wrapper.py -c "$PWD/tmp_oscrc" -A "$MY_APIURL" repro

rm ~/.osc-plugins/repro.py*


The python2 call should segfault or yield some other errors
("HTTP Error 401: Unauthorized" is not considered as an error in this
case).

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >