mumble-server password content causing database corruption
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mumble (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: mumble
mumble-server package version 1.2.2-1ubuntu1 from ubuntu 10.04 LTS beta
This is really weird. On the canonical mumble server (morinda), we have 139 registered user IDs. Recently added users are unable to access the server, getting invalid login/password responses.
We're administering the server via dbus-send on the command line. Using these command line tools, we can retrieve the broken users' info when requested by numeric user ID, but not by nick. For example:
squinky@morinda:~/$ dbus-send --system --print-reply --dest=
method return sender=:1.2 -> dest=:1.8793 reply_serial=2
struct {
int32 135
string ""cyphermox""
string ""<email address hidden>""
string ""
}
However, when getting the user's info by their string nick, it comes back blank:
squinky@morinda:~/$ dbus-send --system --print-reply --dest=
method return sender=:1.2 -> dest=:1.8794 reply_serial=2
array [
]
By way of comparison, here are the responses we get with a known working uid:
squinky@morinda:~/$ dbus-send --system --print-reply --dest=
method return sender=:1.2 -> dest=:1.8796 reply_serial=2
struct {
int32 1
string "squinky"
string "<email address hidden>"
string ""
}
squinky@morinda:~/$ dbus-send --system --print-reply --dest=
method return sender=:1.2 -> dest=:1.8797 reply_serial=2
array [
struct {
int32 1
string "squinky"
string ""
string ""
}
]
Here is kind of a messy illustration of the problem, finding each nick in order, then searching for their uid. I'm skipping many uids that come back correctly, just to keep the output brief. It's only the last few that don't find their uid:
for I in `seq 125 139`; do NICKBYUID=
therve: 125
free: 126
al-maisan: 127
kapil: 128
kdraks: 129
andreas: 130
jkakar: 131
Kaleo: 132
hlh: 133
kfogel:
cyphermox:
sbeattie:
ameetp:
imlad:
ara:
I suspect some sort of database corruption. Our interactions with murmur are all limited to dbus commands, and those are carefully controlled by a script (barring the manually-entered stuff you see above). There are no strange characters or anything in these users' data from what I can see.
I worked around it by going through each failing user, one at a time, and resetting their passwords. Murmur must be accepting some sort of bad strings through dbus for passwords (I didn't set these users up, so I don't know what they contained), causing it to fail on string lookup for the uid. If that's the case, it seems pretty clear that at least some string validation needs to be put into it.
Changed in mumble (Ubuntu): | |
status: | New → Incomplete |
An update: it looks like it's not a string validation problem. I was told that the passwords assigned to users were plain alphanumerics. This sounds more like database corruption now.