Malformed input in the IP addr field in "power parameters" causes part of SQL error to be shown
Bug #1839189 reported by
Vladimir Grevtsev
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| MAAS |
Triaged
|
High
|
Unassigned | ||
Bug Description
UI bug video: https:/
MAAS packages: http://
Steps to reproduce:
1. Open machine > configuration > power configuration
2. Edit > select IPMI or Intel AMT
3. Enter "123" in both fields, click "Save changes" -> error "Error: invalid input syntax for type inet: "123" LINE 1: ...ype" = 6) AND "maasserver_
4. Enter "1231231231" -> same as in #3
5. "12312312312" -> Error: failed to detect a valid IP address from '12312312312' (as expected in all of the previous steps)
| summary: |
- [2.6] [UI] Malformed input in the IP addr field in "power parameters" - causes part of SQL error to be shown + [2.6] Malformed input in the IP addr field in "power parameters" causes + part of SQL error to be shown |
| Changed in maas: | |
| status: | New → Triaged |
| importance: | Undecided → High |
Revision history for this message
| Adam Collard (adam-collard) wrote | #1 |
| summary: |
- [2.6] Malformed input in the IP addr field in "power parameters" causes - part of SQL error to be shown + Malformed input in the IP addr field in "power parameters" causes part + of SQL error to be shown |
| Changed in maas: | |
| milestone: | none → 3.5.0 |
To post a comment you must log in.
We should check for SQL injection vulnerabilities here, and also not expose error messages that come directly from the db