GNU Mailman

Login error when there are waiting admin approval requests

Bug #265208 reported by Absolutek
2
Affects Status Importance Assigned to Milestone
GNU Mailman
Invalid
High
Barry Warsaw
GNU Mailman unreproducible

Bug Description

When there are waiting admin approval requests for a Mailman 2.0beta5
mailing list i get an error that does not allow me to login. I'm running
Debian v2.3 (woody) & python v1.5.2. Here is the full text of the
error:
---------------------------------------------------------------

Bug in Mailman version 2.0beta5

We're sorry, we hit a bug!

If you would like to help us identify the problem, please email a copy of
this page to the webmaster for this site with a description of what
happened. Thanks!

Traceback:

Traceback (innermost last):
  File "/home/mailman/scripts/driver", line 96, in run_main
    main()
  File "/home/mailman/Mailman/Cgi/admin.py", line 87, in main
    Auth.authenticate(mlist, cgidata)
  File "/home/mailman/Mailman/Cgi/Auth.py", line 69, in
authenticate
    isauthed = mlist.WebAuthenticate(password=adminpw, cookie='admin')
  File "/home/mailman/Mailman/SecurityManager.py", line 82, in
WebAuthenticate
    self.ConfirmAdminPassword(password)
  File "/home/mailman/Mailman/SecurityManager.py", line 69, in
ConfirmAdminPassword
    if not self.ValidAdminPassword(pw):
  File "/home/mailman/Mailman/SecurityManager.py", line 65, in
ValidAdminPassword
    return type(pw) == StringType and \
TypeError: argument 2: expected string without null bytes, string found

Python information:

     Variable
                                             Value
 sys.version
                 1.5.2 (#0, Apr 3 2000, 14:46:48) [GCC 2.95.2 20000313
(Debian GNU/Linux)]
 sys.executable
                 /usr/bin/python
 sys.prefix
                 /usr
 sys.exec_prefix
                 /usr
 sys.path
                 /usr
 sys.platform
                 linux2

Environment variables:

        Variable
                                              Value
 DOCUMENT_ROOT
                       /var/mainwww/old_site
 SERVER_ADDR
                       207.210.171.77
 HTTP_ACCEPT_ENCODING
                       gzip
 CONTENT_LENGTH
                       14
 CONTENT_TYPE
                       application/x-www-form-urlencoded
 PATH_TRANSLATED
                       /var/mainwww/old_site/mem
 REMOTE_ADDR
                       192.168.0.2
 SERVER_SOFTWARE
                       Apache/1.3.12 (Unix) Debian/GNU PHP/4.0.1pl2
mod_perl/1.24
 GATEWAY_INTERFACE
                       CGI/1.1
 UNIQUE_ID
                       ObmnDMCoAAEAADFJ7ck
 HTTP_ACCEPT_LANGUAGE
                       en
 REMOTE_PORT
                       1064
 SERVER_PORT
                       80
 HTTP_CONNECTION
                       Keep-Alive
 HTTP_USER_AGENT
                       Mozilla/4.75 [en] (Windows NT 5.0; U)
 HTTP_ACCEPT_CHARSET
                       iso-8859-1,*,utf-8
 HTTP_ACCEPT
                       image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
image/png, */*
 REQUEST_URI
                       /mailman/admin/mem
 PATH
                       /bin:/usr/bin:/sbin:/usr/sbin
 QUERY_STRING
 SERVER_PROTOCOL
                       HTTP/1.0
 PATH_INFO
                       /mem
 HTTP_HOST
                       www.squadron.org
 REQUEST_METHOD
                       POST
 SERVER_SIGNATURE
 SCRIPT_NAME
                       /mailman/admin
 SERVER_ADMIN
                       <email address hidden>
 SCRIPT_FILENAME
                       /home/mailman/cgi-bin/admin
 PYTHONPATH
                       /home/mailman
 HTTP_REFERER
                       http://www.squadron.org/mailman/admin/mem
 SERVER_NAME
                       www.squadron.org

[http://sourceforge.net/tracker/index.php?func=detail&aid=213929&group_id=103&atid=100103]

Tags: web-cgi
Revision history for this message
Barry Warsaw (barry) wrote :

Somehow, and I'm not sure how, you have gotten a list password with
embedded null bytes in it. I don't see how that could have happened. Do
you have any idea?

I don't believe this bug is related to waiting admin approval requests,
since I do that all the time and it works for me.

More information on how you got to this situation is definitely needed, as
I believe the web interface has the proper tests for cryptability of
passwords.

In any event, you might be able to fix this by using the site password and
changing the list password to something without null bytes.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.