Page MenuHomePhabricator

Authentication failures with IPv6 addresses bound sessions
Closed, ResolvedPublic

Description

Author: brovvnout+bugzilla

Description:
Trying to log in from an IPv6 address (static) with "Restrict this session to
this IP address" disabled gives:
"Software error:

Undef to trick_taint at Bugzilla/Util.pm line 52
Bugzilla::Util::trick_taint('undef') called at Bugzilla/Auth/CGI.pm line 69
Bugzilla::Auth::CGI::login('Bugzilla::Auth::CGI', 2) called at Bugzilla.pm line 74
Bugzilla::login('Bugzilla', 2) called at /srv/org/wikimedia/bugzilla/query.cgi
line 61"

Logging in from an IPv6 address checking "Restrict this session to this IP
address" and trying to change the password gives:
"Software error:

Undef to trick_taint at Bugzilla/Util.pm line 52
Bugzilla::Util::trick_taint('undef') called at Bugzilla/Auth/CGI.pm line 69

Bugzilla::Auth::CGI::login('Bugzilla::Auth::CGI', 2) called at Bugzilla.pm line 74
Bugzilla::login('Bugzilla', 2) called at

/srv/org/wikimedia/bugzilla/userprefs.cgi line 337"

No problems encountered setting other preferences. All fine in IPv4.
(tested with Mozilla Firefox 2.0.0.3)


Version: unspecified
Severity: normal
OS: Linux
Platform: PC
URL: http://bugzilla.wikimedia.org

Details

Reference
bz9925

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:42 PM
bzimport set Reference to bz9925.
bzimport added a subscriber: Unknown Object (MLST).

ayg wrote:

This is an upstream problem. We're upgrading versions soon, anyway, so
probably it will go away in the near future.

marco wrote:

*** Bug 14909 has been marked as a duplicate of this bug. ***

Bug is at :
https://bugzilla.mozilla.org/show_bug.cgi?id=392575

You have to hardcode bugzilla IP address in your /etc/hosts

  • Bug 21084 has been marked as a duplicate of this bug. ***

Changing to LATER, adding +upstream.

Can't you leave it open pending for an upgrade ? Our current bugzilla needs an upgrade ;)

  • Bug 21425 has been marked as a duplicate of this bug. ***
  • Bug 21659 has been marked as a duplicate of this bug. ***
  • Bug 21993 has been marked as a duplicate of this bug. ***

Should be fixed now. https://bugzilla.mozilla.org/show_bug.cgi?id=392575 and its blocker https://bugzilla.mozilla.org/show_bug.cgi?id=399073 were both fixed in 3.6.

Feel free to reopen if it still happens.

Looks like bugzilla got upgraded to a new server which do not support IPv6 or at least it is not referenced in DNS.

$ dig +short ANY bugzilla.wikimedia.org
kaulen.wikimedia.org.
208.80.152.149
$

I will assume upstream actually fixed the issue and this bug can be closed.