MODULES-7333

{puppetlabs-firewall} : {md5sums are being performed on empty comments}

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Environment:
    • Template:
      MODULES Bug Template
    • Team:
      Modules
    • Method Found:
      Needs Assessment
    • CS Priority:
      Reviewed
    • QA Risk Assessment:
      Needs Assessment

      Description

      Module Version: puppetlabs-firewall
      Puppet Version: 2018.0.x
      OS Name/Version: RHEL 7

      Description:
      Systems with iptables rules containing empty comments will cause the generation of an md5 hash that trips FIPS-enabled hosts, leading to agent run failures:

      md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
      

      Desired Behavior:

      Do not generate additional md5 hash during catalog application.

      Actual Behavior:

      An md5 hash is generated, causing a FIPS failure.

      This is happening at https://github.com/puppetlabs/puppetlabs-firewall/blob/master/lib/puppet/provider/firewall/iptables.rb#L610.

      The only workaround at the moment is to add text to all comments to avoid the additional hash generation.
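
As an added example, not code from the ticket or from puppetlabs-firewall: this Ruby script lists the rules in `iptables-save` output whose comment is missing or empty, the ones the workaround above has to touch, and builds a placeholder name for them with SHA-256, a FIPS-approved digest, instead of MD5. The sample rules, the helper names and the 9000 prefix are assumptions, as is treating a missing comment like an empty one.

```ruby
require 'digest'

# Constructed sample of `iptables-save` output (not taken from the ticket).
SAMPLE = <<~RULES
  *filter
  :INPUT ACCEPT [0:0]
  -A INPUT -p tcp -m tcp --dport 22 -m comment --comment "100 allow ssh" -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 80 -m comment --comment "" -j ACCEPT
  -A INPUT -p icmp -j ACCEPT
  COMMIT
RULES

# Matches a quoted comment (possibly empty) or a bare single-word comment.
COMMENT_RE = /--comment\s+(?:"((?:[^"\\]|\\.)*)"|(\S+))/

# Hypothetical ordering prefix for generated names (an assumption).
BASE = 9000

# Returns the rule's comment text, or nil when the comment is absent or blank.
def rule_comment(line)
  m = COMMENT_RE.match(line)
  return nil unless m
  text = (m[1] || m[2]).strip
  text.empty? ? nil : text
end

# Rule lines (-A ...) that carry no usable comment.
def unnamed_rules(save_output)
  save_output.each_line.map(&:chomp)
             .select { |l| l.start_with?('-A ') && rule_comment(l).nil? }
end

# Deterministic placeholder name from SHA-256, so no MD5 call is made.
def fallback_name(line, index)
  "#{BASE + index} #{Digest::SHA256.hexdigest(line)}"
end

if __FILE__ == $PROGRAM_NAME
  unnamed_rules(SAMPLE).each_with_index do |rule, i|
    puts "#{fallback_name(rule, i)}  <=  #{rule}"
  end
end
```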

              People

              Assignee:
              david.swan David Swan
              Reporter:
              nicholas.kernohan Nicky Kernohan
