cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

prevent templating of passwords from prompt (#59246)

Browse source 
* prevent templating of passwords from prompt

  fixes CVE-2019-10206
This commit is contained in:
Brian Coca 2019-07-24 16:00:20 -04:00 committed by GitHub
parent 4ef38fcee2
commit e9a37f8e31
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/dont_template_passwords_from_prompt.yml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- resolves CVE-2019-10206, by avoiding templating passwords from prompt as it is probable they have special characters.

8
lib/ansible/cli/__init__.py
View file

@ -29,6 +29,7 @@ from ansible.release import __version__
from ansible.utils.collection_loader import set_collection_playbook_paths from ansible.utils.collection_loader import set_collection_playbook_paths
from ansible.utils.display import Display from ansible.utils.display import Display
from ansible.utils.path import unfrackpath from ansible.utils.path import unfrackpath
from ansible.utils.unsafe_proxy import AnsibleUnsafeBytes
from ansible.vars.manager import VariableManager from ansible.vars.manager import VariableManager
try: try:
@ -253,6 +254,13 @@ class CLI(with_metaclass(ABCMeta, object)):
except EOFError: except EOFError:
pass pass
# we 'wrap' the passwords to prevent templating as
# they can contain special chars and trigger it incorrectly
if sshpass:
sshpass = AnsibleUnsafeBytes(sshpass)
if becomepass:
becomepass = AnsibleUnsafeBytes(becomepass)
return (sshpass, becomepass) return (sshpass, becomepass)
def validate_conflicts(self, op, runas_opts=False, fork_opts=False): def validate_conflicts(self, op, runas_opts=False, fork_opts=False):

11
lib/ansible/utils/unsafe_proxy.py
View file

@ -53,7 +53,7 @@
from __future__ import (absolute_import, division, print_function) from __future__ import (absolute_import, division, print_function)
__metaclass__ = type __metaclass__ = type
from ansible.module_utils.six import string_types, text_type from ansible.module_utils.six import string_types, text_type, binary_type
from ansible.module_utils._text import to_text from ansible.module_utils._text import to_text
from ansible.module_utils.common._collections_compat import Mapping, MutableSequence, Set from ansible.module_utils.common._collections_compat import Mapping, MutableSequence, Set
@ -69,15 +69,18 @@ class AnsibleUnsafeText(text_type, AnsibleUnsafe):
pass pass
class AnsibleUnsafeBytes(binary_type, AnsibleUnsafe):
pass
class UnsafeProxy(object): class UnsafeProxy(object):
def __new__(cls, obj, *args, **kwargs): def __new__(cls, obj, *args, **kwargs):
# In our usage we should only receive unicode strings. # In our usage we should only receive unicode strings.
# This conditional and conversion exists to sanity check the values # This conditional and conversion exists to sanity check the values
# we're given but we may want to take it out for testing and sanitize # we're given but we may want to take it out for testing and sanitize
# our input instead. # our input instead.
if isinstance(obj, string_types): if isinstance(obj, string_types) and not isinstance(obj, AnsibleUnsafeBytes):
obj = to_text(obj, errors='surrogate_or_strict') obj = AnsibleUnsafeText(to_text(obj, errors='surrogate_or_strict'))
return AnsibleUnsafeText(obj)
return obj return obj