Description

When I try to create a new account or change the password on the current one to |\/|99b5Uy5 or similar, I get "500 - Internal Server Error".

Steps to reproduce

Try to create a new account on moinmo.in (or change the current one) with a password |\/|99b5Uy5 or very similar.
Watch the result.

Example

I get a blank page with only "500 - Internal Server Error" written on it. If you need a screenshot, I can provide it.

Component selection

general

Details

I'm using the moinmo.in wiki with English language.

MoinMoin Version	1.6.0, 1.6.1
OS and Version
Python Version
Server Setup
Server Details	cracklib / python-crack installed, password_checker not disabled
Language you are using the wiki in (set in the browser/UserPreferences)

Workaround

User: Choose a different passowrd.

Wiki admin: either deinstall python-crack / cracklib (that will disable usage of cracklib, but keep the builtin checks) or use password_checker = None (the last one will disable ALL checks).

Discussion

I modified an existing account with that password. It worked without problems. Can you reproduce?

Yes I can. I changed my account's password to |\/|99b5Uy5 and it worked perfectly. But when I tried to do this once more, it failed with the same message: "500 - Internal Server Error"

We need some info about your server setup and MM version. -- ReimarBauer 2007-12-14 10:19:25

I get this error in this (http://moinmo.in) wiki. I can install it on my own computer and try it later (I'm a bit busy this/next week) if this whould help you. -- ErnestasLiubarskij

The problem is that cracklib segfaults. Oddly, it doesn't segfault when you first check any other password?! It seems that cracklib corrupts its own memory somehow... see this gdb session:

johannes:~/Projects/moin/moin-1.7$ gdb --args python ./start.py 
GNU gdb 6.7.1-debian
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "powerpc-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) break PWClose
Function "PWClose" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (PWClose) pending.
(gdb) break GetPW
Function "GetPW" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 2 (GetPW) pending.
(gdb) run
Starting program: /usr/bin/python ./start.py
[Thread debugging using libthread_db enabled]
Loading ...
[New Thread 0x48021610 (LWP 11605)]
2008-03-18 14:03:23,694 WARNING MoinMoin.log:95 Using built-in fallback logging configuration!
MoinMoin - 1.7.0alpha [release]

2008-03-18 14:03:24,794 INFO MoinMoin.server.server_standalone:70 Serving on :8080
[New Thread 0x48c784d0 (LWP 11608)]
[New Thread 0x494784d0 (LWP 11609)]
[New Thread 0x49c784d0 (LWP 11610)]
[New Thread 0x4a4784d0 (LWP 11611)]
[New Thread 0x4ac784d0 (LWP 11612)]
[New Thread 0x4b4784d0 (LWP 11613)]
[New Thread 0x4bc784d0 (LWP 11614)]
[New Thread 0x4c4784d0 (LWP 11615)]
[New Thread 0x4cc784d0 (LWP 11616)]
[New Thread 0x4d4784d0 (LWP 11617)]
2008-03-18 14:03:28,135 DEBUG MoinMoin.config.multiconfig:81 could not import farmconfig, mapping all URLs to wikiconfig
2008-03-18 14:03:28,170 INFO MoinMoin.config.multiconfig:119 using wiki config: /home/johannes/Projects/moin/moin-1.7/wikiconfig.pyc
2008-03-18 14:03:28,176 DEBUG MoinMoin.i18n:62 trying to load translations from cache
2008-03-18 14:03:28,178 DEBUG MoinMoin.i18n:88 loading language metadata from disk cache
Breakpoint 3 at 0xf7e6790: file packlib.c, line 120.
Pending breakpoint "PWClose" resolved
Breakpoint 4 at 0xf7e61a0: file packlib.c, line 249.
Pending breakpoint "GetPW" resolved
[Switching to Thread 0x48c784d0 (LWP 11608)]

Breakpoint 4, GetPW (pwp=0xf7fcef4, number=361557) at packlib.c:249
249         if (pwp == NULL)
(gdb) print pwp->ifp
$1 = (FILE *) 0x103eeee0
(gdb) cont
Continuing.

Breakpoint 4, GetPW (pwp=0xf7fcef4, number=0) at packlib.c:249
249         if (pwp == NULL)
(gdb) print pwp->ifp
$1 = (FILE *) 0x3ff400b8
(gdb) cont
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x0fdaac4c in fseek () from /lib/libc.so.6
(gdb) bt
#0  0x0fdaac4c in fseek () from /lib/libc.so.6
#1  0x0f7e61fc in GetPW (pwp=0xf7fcef4, number=0) at packlib.c:263
#2  0x0f7e6428 in FindPW (pwp=0xf7fcef4, string=0xf7ff914 "\\/|99b5uy5") at packlib.c:338
#3  0x0f7e5fd4 in FascistLook (pwp=<value optimized out>, instring=<value optimized out>) at fascist.c:724
#4  0x0f7e6158 in FascistCheck (password=<value optimized out>, path=0x10408734 "/var/cache/cracklib/cracklib_dict")
    at fascist.c:785
#5  0x0f811bf8 in ?? () from /usr/lib/python2.4/site-packages/_crack.so
#6  0x100f382c in PyCFunction_Call (func=0xc, arg=0xf82a038, kw=0x0) at ../Objects/methodobject.c:108

cracklib is also unusable in Moin because it will exit(-1) when getting an error in its dictionary. Note how, in the gdb session, pwp->ifp gets corrupted. -- JohannesBerg 2008-03-18 13:16:41

Plan

Priority:
Assigned to: ThomasWaldmann
Status: fixed by removing cracklib support:
- http://hg.moinmo.in/moin/1.6/rev/49db7eb1d421
- http://hg.moinmo.in/moin/1.7/rev/e66f55d0076d

CategoryMoinMoinBugFixed

MoinMoin: MoinMoinBugs/500ErrorWhenSpecifiedPasswordIsUsed (last edited 2008-03-18 21:41:05 by ThomasWaldmann)