OpenStack Compute (nova)

Upper bounds checking not performed on flavor-create API

Bug #1243195 reported by Matt Riedemann
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Christopher Yeoh
OpenStack Compute (nova) 2014.1 "icehouse"

Bug Description

The flavor-create API does validation that root_gb and other integer values are positive integers but it doesn't do an upper bounds check to make sure they aren't longs. If a user tries to create a flavor with an integer value that is bigger than an int, the python int() method (used in the validation) will just convert it to a long but the database model for InstanceTypes defines the column as an Integer (not a BigInteger) and then the database has to handle the value.

Some examples:

http://paste.openstack.org/show/48988/

The nova.compute.flavor.create() method should validate that the integer values are actually integers and not longs (I'd suggest checking to make sure the int values are <= sys.maxint).

From the DB model, it looks like these are the fields that need the validation:

    memory_mb = Column(Integer, nullable=False)
    vcpus = Column(Integer, nullable=False)
    root_gb = Column(Integer)
    ephemeral_gb = Column(Integer)
    swap = Column(Integer, nullable=False, default=0)
    vcpu_weight = Column(Integer)

Tags: api compute db
Matt Riedemann (mriedem)
tags: added: api db
Revision history for this message
Matt Riedemann (mriedem) wrote :

The validation I'm referring to is here:

https://github.com/openstack/nova/blob/2013.2/nova/compute/flavors.py#L120

https://github.com/openstack/nova/blob/2013.2/nova/compute/flavors.py#L130

It doesn't look like vcpu_weight is validated.

Christopher Yeoh (cyeoh-0)
Changed in nova:
status: New → Confirmed
importance: Undecided → Medium
Christopher Yeoh (cyeoh-0)
Changed in nova:
assignee: nobody → Christopher Yeoh (cyeoh-0)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/54026

Changed in nova:
status: Confirmed → In Progress
Revision history for this message
Christopher Yeoh (cyeoh-0) wrote :

Note that vcpu_weight is not set through the create API.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/54026
Committed: http://github.com/openstack/nova/commit/63ab7701115a019f4b3421bb2367525165ebc03b
Submitter: Jenkins
Branch: master

commit 63ab7701115a019f4b3421bb2367525165ebc03b
Author: Chris Yeoh <email address hidden>
Date: Sun Oct 27 21:57:46 2013 +1030

    Adds upper bound checking for flavor create parameters

    The flavor-create API does validation that root_gb and
    other integer values are positive integers but it doesn't
    do an upper bounds check to make sure they aren't longs.
    If a user tries to create a flavor with an integer value
    that is bigger than an int, the python int() method
    (used in the validation) will just convert it to a long but
    the database model for InstanceTypes defines the column as
    an Integer (not a BigInteger) and then the database has
    to handle the value.

    This changeset adds upperbounds checking for memory_mb,
    vcpus, root_gb, ephemeral_gb and swap.

    Also adds missing testcase for ephermal_gb validity

    Change-Id: I63ef42e6befeff1edb81bc9caded2df2a4654b8c
    Closes-Bug: 1243195

Changed in nova:
status: In Progress → Fix Committed
Russell Bryant (russellb)
Changed in nova:
milestone: none → icehouse-1
Thierry Carrez (ttx)
Changed in nova:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: icehouse-1 → 2014.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.