[Bug 556787] [NEW] mumble-server password content causing database corruption
Erik Stambaugh
erik.stambaugh at canonical.com
Tue Apr 6 19:47:31 UTC 2010
Public bug reported:
Binary package hint: mumble
mumble-server package version 1.2.2-1ubuntu1 from ubuntu 10.04 LTS beta
This is really weird. On the canonical mumble server (morinda), we have
139 registered user IDs. Recently added users are unable to access the
server, getting invalid login/password responses.
We're administering the server via dbus-send on the command line. Using
these command line tools, we can retrieve the broken users' info when
requested by numeric user ID, but not by nick. For example:
squinky at morinda:~/$ dbus-send --system --print-reply --dest=net.sourceforge.mumble.murmur --type=method_call /1 net.sourceforge.mumble.Murmur.getRegistration int32:135
method return sender=:1.2 -> dest=:1.8793 reply_serial=2
struct {
int32 135
string ""cyphermox""
string ""mathieu.trudel-lapierre at canonical.com""
string ""
}
However, when getting the user's info by their string nick, it comes
back blank:
squinky at morinda:~/$ dbus-send --system --print-reply --dest=net.sourceforge.mumble.murmur --type=method_call /1 net.sourceforge.mumble.Murmur.getRegisteredPlayers string:""cyphermox""
method return sender=:1.2 -> dest=:1.8794 reply_serial=2
array [
]
By way of comparison, here are the responses we get with a known working
uid:
squinky at morinda:~/$ dbus-send --system --print-reply --dest=net.sourceforge.mumble.murmur --type=method_call /1 net.sourceforge.mumble.Murmur.getRegistration int32:1
method return sender=:1.2 -> dest=:1.8796 reply_serial=2
struct {
int32 1
string "squinky"
string "erik.stambaugh at canonical.com"
string ""
}
squinky at morinda:~/$ dbus-send --system --print-reply --dest=net.sourceforge.mumble.murmur --type=method_call /1 net.sourceforge.mumble.Murmur.getRegisteredPlayers string:""squinky""
method return sender=:1.2 -> dest=:1.8797 reply_serial=2
array [
struct {
int32 1
string "squinky"
string ""
string ""
}
]
Here is kind of a messy illustration of the problem, finding each nick
in order, then searching for their uid. I'm skipping many uids that
come back correctly, just to keep the output brief. It's only the last
few that don't find their uid:
for I in `seq 125 139`; do NICKBYUID=`dbus-send --system --print-reply --dest=net.sourceforge.mumble.murmur --type=method_call /1 net.sourceforge.mumble.Murmur.getRegistration int32:$I | grep -m 1 string | awk ' { print $2 }' | sed -e 's/"//g'`; echo -n "$NICKBYUID: "; UIDBYNICK=`dbus-send --system --print-reply --dest=net.sourceforge.mumble.murmur --type=method_call /1 net.sourceforge.mumble.Murmur.getRegisteredPlayers string:$NICKBYUID | grep -m 1 int32 | awk '{ print $2 }'`; echo $UIDBYNICK; done
therve: 125
free: 126
al-maisan: 127
kapil: 128
kdraks: 129
andreas: 130
jkakar: 131
Kaleo: 132
hlh: 133
kfogel:
cyphermox:
sbeattie:
ameetp:
imlad:
ara:
I suspect some sort of database corruption. Our interactions with
murmur are all limited to dbus commands, and those are carefully
controlled by a script (barring the manually-entered stuff you see
above). There are no strange characters or anything in these users'
data from what I can see.
I worked around it by going through each failing user, one at a time,
and resetting their passwords. Murmur must be accepting some sort of
bad strings through dbus for passwords (I didn't set these users up, so
I don't know what they contained), causing it to fail on string lookup
for the uid. If that's the case, it seems pretty clear that at least
some string validation needs to be put into it.
** Affects: mumble (Ubuntu)
Importance: Undecided
Status: New
--
mumble-server password content causing database corruption
https://bugs.launchpad.net/bugs/556787
You received this bug notification because you are a member of Debian
VoIP Team, which is subscribed to mumble in ubuntu.
More information about the Pkg-voip-maintainers
mailing list