Cue

cue worker vulnerable if cluster size is too large

Bug #1427894 reported by Davide Agnello
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Cue | Fix Committed | Critical | Davide Agnello |

Bug Description

Currently, the Cue API/Worker does not verify any limits on the size of the cluster being constructed. This makes Cue worker instances vulnerable to DoS attacks if an unrealistic cluster size is provided. The worker will attempt to build and execute a new workflow (TaskFlow) with any provided cluster size value.

Changed in cue:
importance: Undecided → Critical
Changed in cue:
assignee: nobody → Davide Agnello (dagnello)
Changed in cue:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to cue (master)

Reviewed: https://review.openstack.org/167806
Committed: https://git.openstack.org/cgit/stackforge/cue/commit/?id=33876924f749188eca4deaa4adfd4c60c5e78cef
Submitter: Jenkins
Branch: master

commit 33876924f749188eca4deaa4adfd4c60c5e78cef
Author: dagnello <email address hidden>
Date: Wed Mar 25 14:28:50 2015 -0700

    Cap maximum number of nodes in a cluster

    * Max limit configurable in cue.conf
    * Cue API post request (create cluster) will validate size is
      within this limit
    * Added API test for cluster creation higher than limit is rejected.

    closes-bug: 1427894

    Change-Id: I7e979b22c519df83a44699bac3d45d2a3802f2f7

Changed in cue:
status: In Progress → Fix Committed
Vipul Sabhaya (vipuls)
Changed in cue:
milestone: none → 1.0.0
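
The check described in the commit message above, sketched as an added example (not Cue's own code and not part of the original report): a limit is read from an INI-style config and enforced on the create request before anything is handed to the worker. The `[api]` section, the `max_cluster_size` option, the default of 10, the 400/202 status codes and all function names are assumptions made for illustration.

```python
import configparser

# Constructed config text; section and option names are hypothetical,
# not taken from Cue's real cue.conf.
SAMPLE_CONF = """
[api]
max_cluster_size = 10
"""

DEFAULT_MAX_CLUSTER_SIZE = 10  # assumed fallback when the option is absent


class InvalidClusterSize(ValueError):
    """Raised when a create-cluster request must be rejected."""


def load_max_cluster_size(conf_text):
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    limit = parser.getint("api", "max_cluster_size",
                          fallback=DEFAULT_MAX_CLUSTER_SIZE)
    if limit < 1:
        raise ValueError("max_cluster_size must be a positive integer")
    return limit


def validate_cluster_size(size, limit):
    # bool is a subclass of int; reject it along with floats and strings
    if isinstance(size, bool) or not isinstance(size, int):
        raise InvalidClusterSize("size must be an integer")
    if size < 1:
        raise InvalidClusterSize("size must be at least 1")
    if size > limit:
        raise InvalidClusterSize(
            "size %d exceeds the configured maximum of %d" % (size, limit))
    return size


def create_cluster(body, limit, start_flow):
    """Handle a create request; start_flow stands in for the worker hand-off."""
    try:
        size = validate_cluster_size(body.get("size"), limit)
    except InvalidClusterSize as exc:
        return 400, str(exc)  # rejected before any flow is built
    start_flow(size)
    return 202, "accepted"
```

Rejecting at the API layer means an oversized or malformed `size` never reaches the code that builds the flow, which is the resource the report identifies as exposed.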