swift-ring-builder - empty device name
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
Fix Released
|
Undecided
|
Christian Schwede |
Bug Description
swift-ring builder allows to create device with empty device_name:
root@swift1:~# swift-ring-builder account.builder create 10 3 1
root@swift1:~# swift-ring-builder account.builder add r1z1-127.
Device d0r1z1-
root@swift1:~# swift-ring-builder account.builder
account.builder, build version 1
1024 partitions, 3.000000 replicas, 1 regions, 1 zones, 1 devices, 100.00 balance, 0.00 dispersion
The minimum number of hours before a partition can be reassigned is 1
The overload factor is 0.00% (0.000000)
Devices: id region zone ip address port replication ip replication port name weight partitions balance meta
0 1 1 127.0.0.1 6012 127.0.0.1 6012 1.00 0 -100.00
This ring is unusable then, when i try to do any operation on Swift:
Mar 30 14:02:51 swift1 account-server: 10.0.162.46 - - [30/Mar/
/v1.0" "txe184bd485dd9
If i recreated same ring with device name "a", everything is working fine:
Mar 30 15:15:31 swift1 account-server: 10.0.162.46 - - [30/Mar/
/v1/AUTH_
I think device_name is required parameter and swift-ring-builder shouldn't allow to add device without device_name.
CVE References
Changed in swift: | |
milestone: | none → 2.3.0-rc1 |
status: | Fix Committed → Fix Released |
Changed in swift: | |
milestone: | 2.3.0-rc1 → 2.3.0 |
Thanks for the bug report!
You're right, this is not very nice. Additionally it is possible to use device names with a leading or trailing space, which might make problems as well, for example this one:
swift-ring-builder account.builder add r1z1-127. 0.0.1:6012/ met data 1
Now you have a device assigned called " meta data".
I'll commit a fix for this.