Users can set arbitrary headers by adding newlines to header values
Bug #1297414 reported by Nicolas Simonds
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Glance | Won't Fix | Undecided | Nicolas Simonds |
Glance Client | Fix Released | Undecided | Nicolas Simonds |
Bug Description
Glance and the python-glanceclient (v1) do not armor/sanitize their inputs when assembling headers. In particular, "x-image-
I can't really see anything in the code that uses HTTP headers to set any sort of security context, but this could just be a lack of imagination on my part.
information type: Private Security → Public
Changed in glance:
assignee: nobody → Nicolas Simonds (nicolas.simonds)
Changed in python-glanceclient:
assignee: nobody → Nicolas Simonds (nicolas.simonds)
Changed in python-glanceclient:
status: New → In Progress
Changed in python-glanceclient:
status: In Progress → New
The more common manifestation of this bug is that users put newlines in their Description: values and break image uploads.
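
The following is an added example, not part of the bug report and not code from Glance or python-glanceclient. It shows one way a client can validate metadata before assembling headers, so that a newline in a value (including a multi-line description, as in the comment above) is rejected with a clear error instead of becoming an extra header or a broken upload. The prefix `x-example-meta-` and all function names are hypothetical, and the sample input is constructed.

```python
import re

# Assumption: hypothetical prefix, standing in for the client's metadata headers.
META_PREFIX = "x-example-meta-"
# Header field names must be RFC 7230 "token" characters only.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# CR, LF, NUL and other control characters (HTAB excepted) never belong in a value.
_BAD_VALUE = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")

# Constructed sample: a description whose value carries CRLF plus a second header.
SAMPLE = {"description": "nightly build\r\nx-injected: 1"}


class HeaderInjectionError(ValueError):
    """Raised instead of sending a request whose headers could be split."""


def build_meta_headers(fields, prefix=META_PREFIX):
    """Map user-supplied metadata to headers, rejecting unsafe names and values."""
    headers = {}
    for key, value in fields.items():
        name = prefix + str(key)
        # fullmatch, not match with "$": "$" would accept a trailing newline.
        if not _TOKEN.fullmatch(name):
            raise HeaderInjectionError("illegal header name: %r" % name)
        value = str(value)
        if _BAD_VALUE.search(value):
            raise HeaderInjectionError("control character in value of %r" % name)
        headers[name] = value.strip(" \t")
    return headers


def naive_serialize(fields, prefix=META_PREFIX):
    """Unsanitized assembly for comparison: values are pasted into the wire format."""
    return "".join("%s%s: %s\r\n" % (prefix, k, v) for k, v in fields.items())


def count_header_lines(raw):
    """Number of header lines a receiver would see in a serialized block."""
    return len([line for line in raw.split("\r\n") if line])


if __name__ == "__main__":
    print(count_header_lines(naive_serialize(SAMPLE)))  # one field became two headers
    try:
        build_meta_headers(SAMPLE)
    except HeaderInjectionError as exc:
        print("rejected:", exc)
```

Rejecting rather than silently stripping the newline keeps the failure visible to the user who supplied the value.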