Glance

Cache can store invalid images

Bug #1028496 reported by Brian Elliott
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Fix Released
Medium
Brian Elliott
Glance 2012.2 "folsom"

Bug Description

On a GET request, the image streamed back to the client will be stored in the cache without any re-validation of the checksum. This makes it possible to cache invalid images if the storage backend is malfunctioning.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/10223

Changed in glance:
assignee: nobody → Brian Elliott (belliott)
status: New → In Progress
Brian Waldon (bcwaldon)
Changed in glance:
milestone: none → folsom-3
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/10223
Committed: http://github.com/openstack/glance/commit/19334f0f8d0d2e8bcc086ef27e44c0a6a80bd9d6
Submitter: Jenkins
Branch: master

commit 19334f0f8d0d2e8bcc086ef27e44c0a6a80bd9d6
Author: Brian Elliott <email address hidden>
Date: Sun Jul 22 14:39:08 2012 -0500

    Do not cache images that fail checksum verfication

    On an image GET, recalculate the image checksum as the image
    data is streamed to the client. Verify that the checksum matches
    the original checksum calculated when the image was added to Glance.
    If checksum validation fails, purge the image from the cache.

    This type of situation could occur if the backend image store
    is malfunctioning.

    bug 1028496

    Change-Id: I9f38bac8360016bb12b5edaad87c50939a538cc0

Changed in glance:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in glance:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in glance:
milestone: folsom-3 → 2012.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.