*** This bug is a security vulnerability ***
Public security bug reported:
I encountered this bug when execution do-release-upgrade on an Ubuntu 19.10
machine.
The release upgrade crashed ungracefully not calling abort() which should
rollback all changes up to that point.
So I ended up with kind of a broken packages and configuration hell on my
server machine.
I finally was able to perform the release upgrade by using apt / dpkg manually
and resolving package dependencies and conflicts by hand.
The bug is on actually two places:
DistUpgradeController.py (parameter devRelease not set at all due to
wrong indendation of else block)
DistUpgradeCache.py (using unsafe code within except block: accessing
undefined key 'devRelease' and provoke KeyError)
In general: the idea of except or catch or whatever is not just execute
different code logic in case of exception. It is about doing the most
basic stuff in case anything goes wrong (which should be as exception
(error) safe as possible)
Bad practice:
try
doSomething();
catch exception
ignoreException();
doSomethingElse();
Good practice:
try
doSomethingUnsafe();
catch exception e
logAndHandleException(e);
useAnotherTryIfAdditionalLogicIsRequired();
That kind of bad structure costed me 1 day of error analysis (I am not a
python guy) and another 1 day to revert the things from the failed
upgrade.
The bugs:
Since I can not find any source code git repository, the next lines target the
python module which can be found in /usr/lib/python3/dist-packages/DistUpgrade
(Ubuntu 19.10 / Ubuntu 20.04 LTS)
(line numbers may differ)
Major Bug:
DistUpgradeController.py:138-139 (wrong indentation of else block)
Current:
if self.options:
if self.options.devel_release:
self.config.set("Options","devRelease", "True")
else:
self.config.set("Options","devRelease", "False")
Should be:
if self.options:
if self.options.devel_release:
self.config.set("Options","devRelease", "True")
else:
self.config.set("Options","devRelease", "False")
Minor Bug:
DistUpgradeCache.py:651-694 (except block)
Error arised in lines 667-668
elif self.config.get("Options", "foreignPkgs") == "False" and \
self.config.get("Options", "devRelease") == "True":
cause "devRelease" was not set on "Options" (see Major bug)
except block should not excecute unsafe code cause its job is error handling
and roll back.
please make the entire block more fail safe (also use additional "try" if
neccessary)
Since it seems like that accessing keys in python is not safe (reminds me of
javascript)
it should be always checked if the key does even exist before accessing it.
Thanks for taking care of that.
Edit: I found the attachment feature after writing this report so please
find the DistUpgradeController.py attached containing the major bug.
Please keep me up to date
[email protected]
Best Regards
** Affects: ubuntu-release-upgrader (Ubuntu)
Importance: Undecided
Status: New
** Tags: dist-upgrade do-release-upgrade
** Attachment added: "Source file including the Major bug taken from Ubuntu
server 20.04 LTS environment"
https://bugs.launchpad.net/bugs/1882069/+attachment/5380306/+files/DistUpgradeController.py
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1882069
Title:
DistUpgradeController.py key 'devRelease' not set correctly
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1882069/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
