Jira (PUP-10536) Puppet windows package provider fails if there are garbage characters after an embedded NULL


Josh Cooper (Jira)

May 28, 2020, 3:55:04 PM
to puppe...@googlegroups.com
Josh Cooper created an issue
 
Puppet / Task PUP-10536
Puppet windows package provider fails if there are garbage characters after an embedded NULL
Issue Type: Task
Assignee: Unassigned
Created: 2020/05/28 12:54 PM
Priority: Normal
Reporter: Josh Cooper

Puppet scans the registry when retrieving the list of currently installed packages. If one of the registry values it scans contains an embedded null followed by garbage, then puppet will try to transcode from UTF-16LE to UTF-8 and fail.

A fix for the embedded NULL problem was made in PUP-9639. However, the problem is that transcoding fails before the value can be sanitized.

When reading package names, versions, etc. from the registry, puppet should read up to the first wide null or the length of the string, whichever comes first, and remove the sanitize method. If there is a problem reading one of the whitelisted keys, it should print the name of the key in the error message.


Josh Cooper (Jira)

May 28, 2020, 4:00:04 PM
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
To reproduce, import the following registry file whose {{DisplayVersion}} is corrupt and try to run puppet:

{noformat}
C:\ProgramData\PuppetLabs>type C:\Users\Administrator\Documents\test.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PUP10536]
"DisplayName"="PUP10536"
"DisplayVersion"=hex(2):31,0,36,0,2e,0,30,0,2e,0,31,0,30,0,33,0,35,0,37,0,2e,0,32,0,30,0,30,0,30,0,32,0,0,0,0,0,0,0,0,0,f3,23,8a,bc,fa,7f,0,0,10,65,74,b9,fa,7f,0,0,90,d8,55,6f,59,0,0,0

C:\ProgramData\PuppetLabs>reg import C:\Users\Administrator\Documents\test.reg
The operation completed successfully.

C:\ProgramData\PuppetLabs>puppet resource package --trace
Error: Could not run: "\x90\xD8" followed by "Uo" on UTF-16LE
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/api_types.rb:59:in `encode'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/api_types.rb:59:in `read_wide_string'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:237:in `block in read'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:281:in `block (3 levels) in query_value_ex'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:268:in `initialize'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:268:in `new'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:268:in `block (2 levels) in query_value_ex'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:263:in `initialize'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:263:in `new'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:263:in `block in query_value_ex'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:262:in `initialize'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:262:in `new'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:262:in `query_value_ex'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:225:in `read'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:81:in `block (2 levels) in values_by_name'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/api_types.rb:29:in `block in from_string_to_wide_string'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/api_types.rb:25:in `initialize'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/api_types.rb:25:in `new'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/api_types.rb:25:in `from_string_to_wide_string'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:79:in `block in values_by_name'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:78:in `each'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:78:in `values_by_name'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/provider/package/windows/package.rb:49:in `block (5 levels) in with_key'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:28:in `block in open'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/2.5.0/win32/registry.rb:439:in `open'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/2.5.0/win32/registry.rb:546:in `open'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:27:in `open'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/provider/package/windows/package.rb:48:in `block (4 levels) in with_key'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:51:in `block in each_key'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:49:in `loop'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:49:in `each_key'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/provider/package/windows/package.rb:47:in `block (3 levels) in with_key'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:28:in `block in open'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/2.5.0/win32/registry.rb:439:in `open'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/2.5.0/win32/registry.rb:546:in `open'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/windows/registry.rb:27:in `open'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/provider/package/windows/package.rb:46:in `block (2 levels) in with_key'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/provider/package/windows/package.rb:43:in `each'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/provider/package/windows/package.rb:43:in `block in with_key'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/provider/package/windows/package.rb:42:in `each'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/provider/package/windows/package.rb:42:in `with_key'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/provider/package/windows/package.rb:25:in `each'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/provider/package/windows.rb:36:in `map'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/provider/package/windows.rb:36:in `instances'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/type.rb:1205:in `block in instances'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/type.rb:1204:in `collect'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/type.rb:1204:in `instances'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/indirector/resource/ral.rb:24:in `search'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:299:in `search'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/application/resource.rb:228:in `find_or_save_resources'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/application/resource.rb:142:in `block in main'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/context.rb:62:in `override'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet.rb:290:in `override'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/application/resource.rb:137:in `main'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/application.rb:390:in `run_command'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/application.rb:382:in `block in run'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util.rb:710:in `exit_on_fail'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/application.rb:382:in `run'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:143:in `run'
C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:77:in `execute'
C:/Program Files/Puppet Labs/Puppet/puppet/bin/puppet:4:in `<main>'
{noformat}
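
The read order the issue asks for, as an added Ruby example (not Puppet's code and not part of the original messages). The bytes are the `DisplayVersion` value from the test.reg above; the method names `read_wide_string_naive` and `read_wide_string_bounded` are hypothetical.

```ruby
# DisplayVersion hex(2) payload, copied from the test.reg in this issue.
REG_HEX = '31,0,36,0,2e,0,30,0,2e,0,31,0,30,0,33,0,35,0,37,0,2e,0,32,0,30,0,' \
          '30,0,30,0,32,0,0,0,0,0,0,0,0,0,f3,23,8a,bc,fa,7f,0,0,10,65,74,b9,' \
          'fa,7f,0,0,90,d8,55,6f,59,0,0,0'
RAW = REG_HEX.split(',').map { |h| h.to_i(16) }.pack('C*').freeze

WIDE_NULL = "\x00\x00".b.freeze

# Transcode-first order described in the issue: the whole buffer, including
# the bytes after the terminator, is handed to the UTF-16LE decoder.
def read_wide_string_naive(raw)
  raw.dup.force_encoding(Encoding::UTF_16LE).encode(Encoding::UTF_8)
end

# Hypothetical bounded reader: stop at the first wide null or at byte_len,
# whichever comes first, and only then transcode.
def read_wide_string_bounded(raw, byte_len = raw.bytesize, value_name: nil)
  len = [byte_len, raw.bytesize].min
  len -= len % 2                       # whole UTF-16 code units only
  data = raw.byteslice(0, len).b
  # Scan on 2-byte boundaries: in "A\u0100" (41 00 00 01) the middle 00 00
  # straddles two code units and is not a terminator.
  cut = (0...len).step(2).find { |i| data.byteslice(i, 2) == WIDE_NULL } || len
  data.byteslice(0, cut).force_encoding(Encoding::UTF_16LE).encode(Encoding::UTF_8)
rescue EncodingError => e
  # Name the registry value so the operator can find the corrupt entry.
  raise ArgumentError, "registry value #{value_name.inspect}: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  begin
    read_wide_string_naive(RAW)
  rescue EncodingError => e
    puts "naive:   #{e.class}: #{e.message}"
  end
  puts "bounded: #{read_wide_string_bounded(RAW, value_name: 'DisplayVersion')}"
end
```

Text before the terminator that is itself invalid UTF-16 still raises, now with the value name in the message.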

Josh Cooper (Jira)

May 28, 2020, 4:09:03 PM
to puppe...@googlegroups.com

Josh Cooper (Jira)

May 28, 2020, 4:11:03 PM
to puppe...@googlegroups.com
Josh Cooper updated an issue
Puppet scans the registry when retrieving the list of currently installed packages. If one of the registry values it scans contains an embedded null followed by garbage, then puppet will try to transcode from UTF-16LE to UTF-8 and may fail.

A fix for the embedded NULL problem was made in PUP-9639. However, it only works if transcoding succeeds.

Josh Cooper (Jira)

May 28, 2020, 4:11:03 PM
to puppe...@googlegroups.com