Opened 11 years ago
Last modified 9 years ago
#11295 closed defect
AssertionError if [inherit] htdocs-dir is empty or not defined — at Version 3
| Reported by: | Ryan J Ollos | Owned by: | Ryan J Ollos |
|---|---|---|---|
| Priority: | high | Milestone: | 0.12.6 |
| Component: | web frontend | Version: | 0.12-stable |
| Severity: | major | Keywords: | |
| Cc: | Branch: | ||
| Release Notes: |
s |
||
| API Changes: | |||
| Internal Changes: | |||
Description
This was initially posted in comment:2:ticket:11294.
If [inherit] htdocs_dir is empty or doesn't exist, then the following traceback can be seen in the console when we try to load a page that uses an image from shared:
02:45:12 PM Trac[main] ERROR: Internal Server Error:
Traceback (most recent call last):
File "/home/user/Workspace/t11294/teo-rjollos.git/trac/web/main.py", line 497, in _dispatch_request
dispatcher.dispatch(req)
File "/home/user/Workspace/t11294/teo-rjollos.git/trac/web/main.py", line 214, in dispatch
resp = chosen_handler.process_request(req)
File "/home/user/Workspace/t11294/teo-rjollos.git/trac/web/chrome.py", line 621, in process_request
assert os.path.commonprefix([dir, path]) == dir
AssertionError:
If I'm using the Image macro to display trac_logo.png from the shared directory, but that directory doesn't exist, I see:
03:05:29 PM Trac[chrome] WARNING: File trac_logo.png not found in any of [u'/var/www/shared/htdocs']
However, if [inherit] htdocs_dir = , or the option isn't defined in trac.ini, the traceback results.
If I change the code slightly to show the values being asserted:
03:09:21 PM Trac[main] ERROR: Internal Server Error:
Traceback (most recent call last):
File "/home/user/Workspace/t11294/teo-rjollos.git/trac/web/main.py", line 497, in _dispatch_request
dispatcher.dispatch(req)
File "/home/user/Workspace/t11294/teo-rjollos.git/trac/web/main.py", line 214, in dispatch
resp = chosen_handler.process_request(req)
File "/home/user/Workspace/t11294/teo-rjollos.git/trac/web/chrome.py", line 621, in process_request
assert os.path.commonprefix([dir, path]) == dir, [os.path.commonprefix([dir, path]), dir]
AssertionError: ['', '.']
Another way to reproduce the traceback is to set [header_logo] src to a file in the shared htdocs_dir and leave [inherit] htdocs_dir empty.
If we remove the assertion, we get a more useful error in the log:
03:22:34 PM Trac[chrome] WARNING: File trac_logo.png not found in any of ['.'] 03:22:34 PM Trac[main] WARNING: [127.0.0.1] HTTPNotFound: 404 Not Found (File trac_logo.png not found)
I'm not sure what the purpose of that assert statement is. It was added in [1888], and I can't come up with a case for which the assertion could have been false in [1188]. However, after [1892] the assertion can be false if os.normpath(dir) != dir.
Provided the assertion isn't needed, I propose to remove it and possibly improve the log message for the case that the user tries to serve an image file from the shared htdocs dir, but [inherit] htdocs_dir is empty or not defined.
Change History (3)
comment:2 by , 11 years ago
If the assert has security implications, it should be changed to a test and a raise ASAP, because assertions are removed when running with -O, and we don't want people's Trac to become vulnerable just because they run with "optimizations" turned on.
comment:3 by , 11 years ago
| Milestone: | next-stable-1.0.x → 1.0.2 |
|---|---|
| Owner: | set to |
| Release Notes: | modified (diff) |
| Status: | new → assigned |
I've prepared some changes based on Rémy's suggestion: rjollos.git:t11295.
I'm not sure if the TracErrors's message should be more descriptive than Invalid chrome path.
No. If without the assertion, a remote attacker can retrieve the system file using like this.