Encryption error when clicking on "list hosts", just set AD password.
-
{"error":"error:0606508A:digital envelope routines:EVP_DecryptFinal_ex:data not multiple of block length"}
On clicking list hosts. Just set AD password for new image.
-
Error shows when clicking on “tasks” and “export hosts” as well.
-
Looks like a problem in webrypt with @ symbols in passwords. Yup that’s it.
mysql to ‘fog’
ran
UPDATE hosts SET hostADPass = '0' WHERE hostID = 2;
-
@vangrimoire Which version of FOG do you run?
-
Current according to the system.
-
@vangrimoire So that means 1.5.7?
-
Yep, sorry didn’t see the version on the big button. 1.5.7
-
@vangrimoire I have not found the time to replicate and look into the issue but I will do so soon.
-
Just enter an @ sign in the password field of the “Active Directory” page and save.
https://stackoverflow.com/questions/19934422/encrypt-string-in-php-and-decrypt-in-node-js
-
@vangrimoire Ok, I played with it for a bit but can’t actually reproduce the error. I did as you said, opened the settings of one host, went to the AD tab, entered a password that includes an @ symbol (tried different combinations - somewhere in the middle, at the end, as a single character), saved, went back to the host listing and don’t get an error on the web UI.
Here is what I have in the DB for this host now:
mysql> SELECT hostName,hostUseAD,hostADDomain,hostADUser,hostADPass,hostEnforce FROM hosts;
+----------+-----------+--------------+---------------+-------------+-------------+
| hostName | hostUseAD | hostADDomain | hostADUser    | hostADPass  | hostEnforce |
+----------+-----------+--------------+---------------+-------------+-------------+
| ws228732 |         1 | MYDOM        | Administrator | test123@123 |           1 |
+----------+-----------+--------------+---------------+-------------+-------------+
1 row in set (0.000 sec)
As well, nothing in the apache and PHP error logs.
Where do you see the error? Can you post a picture?
-
When I click on “list hosts”, “tasks”, and “export hosts” the page is replaced with the error.
php is version 7.2.23 on CentOS Linux release 7.7.1908 (core)
-
@vangrimoire My test was on a Fedora 30 system using PHP 7.3.10
@Moderators Anyone else able to replicate this issue?
-
Tested on Centos 7 PHP 7.2 FOG 1.5.7
No problem with @ in password on my end.
@vangrimoire what’s in your PHP/apache error logs?
-
Password was: |-|@11ow33n
Maybe try the bars and hyphen?
-
@vangrimoire Indeed that did the trick. I will see why this happens.
-
@Sebastian-Roth it’s the double pipes.
We used to store the encrypted form of the password in such a way that it was
IV|encryptedpassword|key
It needed all three to decrypt
-
@Tom-Elliott Yeah right! Can we solve this in the code by not allowing the pipes in passwords at all? But I am sure there are people out there using those in their passwords.
-
@Sebastian-Roth I think we just need to refine the code a bit more. I don’t know why it’s getting the error, I just know what we did in the past for the passwords. I’m sure we can make a more proper fix without limiting what passwords an admin can use.
-
I found and believe I may have fixed the issue. It was actually pretty simple. The error was coming from the unpacking of information.
Hopefully it helps. Just repull the dev-branch and install and all should be back to normal.
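-
Added example, not part of the thread and not FOG's code: a sketch of why the password `|-|@11ow33n` collides with the `IV|encryptedpassword|key` layout described above, and a stricter field check that tells the two apart without banning pipes in passwords. The function names, the hex encoding of the fields and the 16-byte block size are assumptions made for illustration.

```python
import binascii

BLOCK = 16  # assumed cipher block size in bytes (AES)


def naive_is_encrypted(stored: str) -> bool:
    """Hypothetical loose check: any value with three pipe-separated fields."""
    return len(stored.split("|")) == 3


def parse_strict(stored: str):
    """Return (iv, ciphertext, key) as bytes, or None when `stored` is not a
    well-formed IV|ciphertext|key record (fields assumed to be hex)."""
    parts = stored.split("|")
    if len(parts) != 3:
        return None
    try:
        iv, ct, key = (binascii.unhexlify(p) for p in parts)
    except (binascii.Error, ValueError):
        return None  # a field is not hex, e.g. '-' or '@11ow33n'
    if len(iv) != BLOCK:
        return None
    if not ct or len(ct) % BLOCK:
        return None  # decrypting this would hit "not multiple of block length"
    if len(key) not in (16, 24, 32):
        return None
    return iv, ct, key


def classify(stored: str) -> str:
    """Decide whether a stored value should be decrypted or used as-is."""
    return "encrypted" if parse_strict(stored) else "plaintext"


# Constructed sample values (not taken from a real FOG database).
SAMPLES = {
    "thread_password": "|-|@11ow33n",   # splits into '', '-', '@11ow33n'
    "at_sign_only": "test123@123",
    "wellformed": "|".join(["00" * 16, "ab" * 32, "11" * 32]),
    "short_ciphertext": "|".join(["00" * 16, "ab" * 5, "11" * 32]),
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:17} naive={naive_is_encrypted(value)!s:5} "
              f"strict={classify(value)}")
```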