check_ssh_injection not handling quoted args correctly
Bug #1244415 reported by
Matthew Edmonds
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
High
|
Luis A. Garcia | ||
Havana |
Fix Released
|
High
|
Jay Bryant |
Bug Description
check_ssh_injection in cinder/utils.py is disallowing args with spaces even when the arg is quoted. This leads to an SSHInjectionThreat being raised when a volume driver needs to send a quoted arg containing spaces, e.g. when a storage pool name contains a space.
Changed in cinder: | |
status: | New → Confirmed |
tags: | added: havana-backport-potential |
Changed in cinder: | |
importance: | Undecided → High |
Changed in cinder: | |
assignee: | nobody → Luis A. Garcia (luisg-8) |
Changed in cinder: | |
status: | Confirmed → In Progress |
tags: | removed: havana-backport-potential |
Changed in cinder: | |
milestone: | none → icehouse-1 |
status: | Fix Committed → Fix Released |
Changed in cinder: | |
milestone: | icehouse-1 → 2014.1 |
To post a comment you must log in.
https:/ /review. openstack. org/#/c/ 54405/