[tahoe-lafs-trac-stream] [tahoe-lafs] #2037: cloud/S3 backend fails to redact ProductToken and UserToken from S3 error messages

tahoe-lafs trac at tahoe-lafs.org
Fri Jul 26 01:40:04 UTC 2013 

#2037: cloud/S3 backend fails to redact ProductToken and UserToken from S3 error
messages
-------------------------+-------------------------------------------------
     Reporter:  daira    |      Owner:  daira
         Type:  defect   |     Status:  assigned
     Priority:  normal   |  Milestone:  soon
    Component:  unknown  |    Version:  1.9.0-s3branch
   Resolution:           |   Keywords:  security logging s3 cloud-backend
Launchpad Bug:           |  ticket999-S3-backend
-------------------------+-------------------------------------------------
Changes (by daira):

 * status:  new => assigned


Old description:

> Here's an example of LeastAuthority.com secrets being leaked in an S3
> error message (I've replaced the actual secrets with
> "THIS_SHOULD_NOT_BE_HERE" for this bug report):
> {{{
> [Failure instance: Traceback: <class
> 'lae_automation.endtoend.CheckFailed'>:
>  Error for 107.22.17.1: could not create test file: [Failure instance:
> Traceback (failure with no frames):
>  <class 'allmydata.mutable.common.NotEnoughServersError'>: ('Publish ran
> out of good servers, last failure was:
>  [Failure instance: Traceback (failure with no frames): <class
> \'foolscap.tokens.RemoteException\'>:
>  <RemoteException around \'[CopiedFailure instance: Traceback from remote
> host -- Traceback (most recent call last):\n
>   File "/usr/local/lib/python2.6/dist-
> packages/Twisted-11.1.0-py2.6-linux-i686.egg/twisted/internet/tcp.py",
> line 277, in connectionLost\n
>     protocol.connectionLost(reason)\n
>   File "/usr/local/lib/python2.6/dist-
> packages/Twisted-11.1.0-py2.6-linux-i686.egg/twisted/web/client.py", line
> 191, in connectionLost\n
>     self.factory._disconnectedDeferred.callback(None)\n
>   File "/usr/local/lib/python2.6/dist-
> packages/Twisted-11.1.0-py2.6-linux-i686.egg/twisted/internet/defer.py",
> line 362, in callback\n
>     self._startRunCallbacks(result)\n
>   File "/usr/local/lib/python2.6/dist-
> packages/Twisted-11.1.0-py2.6-linux-i686.egg/twisted/internet/defer.py",
> line 458, in _startRunC\n
> \n-- TRACEBACK ELIDED --\n\n
>   client/base.py", line 46, in error_wrapper\n
>     raise fallback_error\n
> allmydata.storage.backends.s3.s3_common.TahoeS3Error: (\'400\', \'400 Bad
> Request\',
> \'<?xml version="1.0" encoding="UTF-8"?>\\n
> <Error><Code>InvalidToken</Code>
> <Message>The provided token is malformed or otherwise invalid.</Message>
> <RequestId>266AB3D40D3E8F00</RequestId><HostId>IXcXMiM5tH07dLaANbZsgKe4rqkFF7yMBmfGlhWqZfdd9i6FqUiuUcsgEc6cmrAW</HostId>
> <Token-1>{ProductToken} THIS_SHOULD_NOT_BE_HERE </Token-1>
> <Token-0>{UserToken} THIS_SHOULD_NOT_BE_HERE </Token-0>
> </Error>\')\n
> ]\'>\n]', None)
> }}}
> (The storage server is running ticket999-S3-branch, but the problem also
> occurs for the current 1819-cloud-merge branch.)

New description:

 Here's an example of !LeastAuthority.com secrets being leaked in an S3
 error message (I've replaced the actual secrets with
 "THIS_SHOULD_NOT_BE_HERE" for this bug report):
 {{{
 [Failure instance: Traceback: <class
 'lae_automation.endtoend.CheckFailed'>:
  Error for 107.22.17.1: could not create test file: [Failure instance:
 Traceback (failure with no frames):
  <class 'allmydata.mutable.common.NotEnoughServersError'>: ('Publish ran
 out of good servers, last failure was:
  [Failure instance: Traceback (failure with no frames): <class
 \'foolscap.tokens.RemoteException\'>:
  <RemoteException around \'[CopiedFailure instance: Traceback from remote
 host -- Traceback (most recent call last):\n
   File "/usr/local/lib/python2.6/dist-
 packages/Twisted-11.1.0-py2.6-linux-i686.egg/twisted/internet/tcp.py",
 line 277, in connectionLost\n
     protocol.connectionLost(reason)\n
   File "/usr/local/lib/python2.6/dist-
 packages/Twisted-11.1.0-py2.6-linux-i686.egg/twisted/web/client.py", line
 191, in connectionLost\n
     self.factory._disconnectedDeferred.callback(None)\n
   File "/usr/local/lib/python2.6/dist-
 packages/Twisted-11.1.0-py2.6-linux-i686.egg/twisted/internet/defer.py",
 line 362, in callback\n
     self._startRunCallbacks(result)\n
   File "/usr/local/lib/python2.6/dist-
 packages/Twisted-11.1.0-py2.6-linux-i686.egg/twisted/internet/defer.py",
 line 458, in _startRunC\n
 \n-- TRACEBACK ELIDED --\n\n
   client/base.py", line 46, in error_wrapper\n
     raise fallback_error\n
 allmydata.storage.backends.s3.s3_common.TahoeS3Error: (\'400\', \'400 Bad
 Request\',
 \'<?xml version="1.0" encoding="UTF-8"?>\\n
 <Error><Code>InvalidToken</Code>
 <Message>The provided token is malformed or otherwise invalid.</Message>
 <RequestId>266AB3D40D3E8F00</RequestId><HostId>IXcXMiM5tH07dLaANbZsgKe4rqkFF7yMBmfGlhWqZfdd9i6FqUiuUcsgEc6cmrAW</HostId>
 <Token-1>{ProductToken} THIS_SHOULD_NOT_BE_HERE </Token-1>
 <Token-0>{UserToken} THIS_SHOULD_NOT_BE_HERE </Token-0>
 </Error>\')\n
 ]\'>\n]', None)
 }}}

 The storage server is running ticket999-S3-backend, but the problem also
 occurs for the current 1819-cloud-merge branch. (The latter redacts
 {{{SignatureDoesNotMatch}}} errors but not {{{InvalidToken}}} errors.)

--

-- 
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2037#comment:1>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage

More information about the tahoe-lafs-trac-stream mailing list