Some id arguments for OSAPI are not verified to be numeric leading to false matches in mysql

Bug #1078055 reported by Stanislaw Pitucha
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Francisco Demontiê dos Santos Junior

Bug Description

Some id arguments for the OSAPI queries should only take numeric arguments, but this is not verified before passing the id to the db api. In case of mysql this leads for example to automatic truncation of non-numeric characters from the end of the string.

Let's say there's a floating ip entry with id=123. If you issue a request to: "https://api/v1.1/tenant/os-floating-ips/123zzzz", you will get the floating ip 123 in response. The following line will be logged:

2012-11-12 18:11:03 WARNING nova.common.deprecated [req-21324670-f110-4eb1-8c35-bb1aa5581edb None None] Truncated incorrect DOUBLE value: '123zzzz'

Although this is a trivial thing in this example, probably the code should be fixed or at least reviewed in case there's a possibility of circumventing some security check (for example if the check passes for non-existent ids, but then allows access on a stripped id).
This bug is likely to happen on more resources than just os-floating-ips.

I believe this issue happens only with a mysql database, but this may not be correct - other ones may have a similar behaviour.
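The following is an added illustration of the failure mode described above and of the kind of check the report asks for; it is not code from nova or from the reporter. The in-memory FLOATING_IPS table, the InvalidID exception and the function names are assumptions made for the example, and coerce_like_mysql is a deliberately simplified emulation of MySQL's lenient string-to-DOUBLE comparison (leading numeric prefix kept, trailing characters truncated, no numeric prefix treated as 0), written only to show why passing an unvalidated URL segment to the query is risky.

```python
import re
from typing import Dict, Optional

# Constructed stand-in for the floating_ips table (not nova's schema).
FLOATING_IPS: Dict[int, dict] = {
    0: {"id": 0, "address": "198.51.100.10"},
    123: {"id": 123, "address": "198.51.100.123"},
}


class InvalidID(Exception):
    """Hypothetical exception type; nova's fix raises its own exception."""


# Leading numeric prefix, as MySQL uses when it coerces a string to DOUBLE.
_NUMERIC_PREFIX = re.compile(r"^\s*[-+]?([0-9]+\.?[0-9]*|\.[0-9]+)([eE][-+]?[0-9]+)?")


def coerce_like_mysql(value: str) -> float:
    """Simplified emulation of MySQL's lenient conversion of a string operand
    when comparing it to an integer column: the leading numeric prefix is
    used, the remainder is truncated (MySQL logs the 'Truncated incorrect
    DOUBLE value' warning), and a string with no numeric prefix becomes 0.
    This is an illustration of the documented behaviour, not MySQL's code."""
    m = _NUMERIC_PREFIX.match(value)
    return float(m.group(0)) if m else 0.0


def lookup_lenient(id_arg: str) -> Optional[dict]:
    """The buggy pattern: the raw URL segment reaches the query unchecked,
    so '123zzzz' silently matches id 123 and 'zzz' matches id 0."""
    wanted = coerce_like_mysql(id_arg)
    for row_id, row in FLOATING_IPS.items():
        if float(row_id) == wanted:
            return row
    return None


# Strict form: ASCII digits only, no sign, whitespace, decimal point or suffix.
_STRICT_ID = re.compile(r"[0-9]+")


def is_valid_numeric_id(id_arg: str) -> bool:
    """True only if the whole argument is a non-negative decimal integer."""
    return _STRICT_ID.fullmatch(id_arg) is not None


def validate_numeric_id(id_arg: str) -> int:
    """Reject anything that is not a plain integer before it reaches the db
    layer, instead of letting the database decide what the string means."""
    if not is_valid_numeric_id(id_arg):
        raise InvalidID(f"invalid id: {id_arg!r}")
    return int(id_arg)


def lookup_strict(id_arg: str) -> Optional[dict]:
    """The fixed pattern: validate first, then query with a real integer."""
    return FLOATING_IPS.get(validate_numeric_id(id_arg))


if __name__ == "__main__":
    print("lenient '123zzzz' ->", lookup_lenient("123zzzz"))   # matches id 123
    print("lenient 'zzz'     ->", lookup_lenient("zzz"))       # matches id 0
    try:
        lookup_strict("123zzzz")
    except InvalidID as exc:
        print("strict  '123zzzz' ->", exc)                     # rejected
```

The strict check uses a full-match on ASCII digits rather than str.isdigit() or int(), because both accept inputs (Unicode digit characters, surrounding whitespace, a leading sign) that the URL path should never carry; validating before the query also means the same check holds on any database backend, not only where MySQL's coercion happens to be observable in the logs.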

Michael Still (mikal)
Changed in nova:
status: New → Triaged
importance: Undecided → Medium
Changed in nova:
assignee: nobody → Francisco Demontiê dos Santos Junior (demontie)
Changed in nova:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/52459

OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/52459
Committed: http://github.com/openstack/nova/commit/dfea61fa4b1872f4960f645ad2b605236ee52cb4
Submitter: Jenkins
Branch: master

commit dfea61fa4b1872f4960f645ad2b605236ee52cb4
Author: Demontiê Junior <email address hidden>
Date: Thu Oct 17 14:03:47 2013 -0300

    Raising exception for invalid floating_ip's ID

    The proposal is to validate the ID from the request to check
    whether it is valid for nova-network driver.
    If the network driver is nova-network, the ID should be numeric.

    Change-Id: I10df4f9ba2f5cfec7a6d2112cf5905944a9b5419
    Closes-bug: #1078055

Changed in nova:
status: In Progress → Fix Committed
Changed in nova:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) wrote :

Not released in a milestone yet

Changed in nova:
status: Fix Released → Fix Committed
Changed in nova:
milestone: none → icehouse-1
Thierry Carrez (ttx)
Changed in nova:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: icehouse-1 → 2014.1