Security Group Rule create with forged integer security_group_id causes exceptions
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | Fix Released | Medium | Unassigned |
Bug Description
Assuming a project xyz has Security Groups, the following POST request fails with HTTP 500 ValueError:
/v2.0/security-
{
"security_
"direction": "egress",
"ethertype": "IPv4",
"port_range_max": 443,
"port_range_min": 443,
"project_id": "xyz",
"protocol": "tcp",
"remote_
"security_
}
}
The ValueError is raised by Python's uuid module with `badly formed hexadecimal UUID string`.
This is because the prior validation _check_
sg_obj.
```
MariaDB [neutron]> SELECT count(*) FROM securitygroups WHERE securitygroups.id IN (0);
+----------+
| count(*) |
+----------+
| 15 |
+----------+
1 row in set, 46 warnings (0.001 sec)
MariaDB [neutron]> SHOW WARNINGS LIMIT 1;
+------
| Level | Code | Message |
+------
| Warning | 1292 | Truncated incorrect DOUBLE value: '77dd53b2-
+------
1 row in set (0.000 sec)
```
Thus, the validation succeeds and the code path is followed till the id is converted to a UUID - which causes the unexpected exception.
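
The coercion described above, modelled as an added example (not neutron's code and not the merged fix): `mysql_str_to_double` approximates MariaDB's implicit string-to-DOUBLE cast, the ids in `SAMPLE_IDS` are constructed, and `validate_sg_id` is a hypothetical strict check that rejects non-UUID input before any query runs.

```python
import re
import uuid

# Constructed ids standing in for rows of the securitygroups table.
SAMPLE_IDS = [
    "42ab1c9e-0000-4000-8000-000000000001",  # numeric prefix "42"
    "c0ffee00-0000-4000-8000-000000000002",  # no numeric prefix
    "0e12ab34-0000-4000-8000-000000000003",  # "0e12" reads as 0 * 10**12
    "1e2fab34-0000-4000-8000-000000000004",  # "1e2" reads as 100
    "00a1b2c3-0000-4000-8000-000000000005",  # numeric prefix "00"
]

_NUMERIC_PREFIX = re.compile(r"[+-]?\d+(?:\.\d*)?(?:[eE][+-]?\d+)?")


def mysql_str_to_double(text):
    """Approximate the implicit cast: leading numeric prefix, else 0."""
    match = _NUMERIC_PREFIX.match(text)
    return float(match.group(0)) if match else 0.0


def rows_matching_in(ids, forged):
    """Ids that `WHERE id IN (<forged>)` matches once ids are cast to DOUBLE."""
    return [i for i in ids if mysql_str_to_double(i) == float(forged)]


def validate_sg_id(value):
    """Hypothetical strict check, run before any database lookup."""
    if not isinstance(value, str):
        raise TypeError("security_group_id must be a UUID string, got "
                        + type(value).__name__)
    # uuid.UUID raises ValueError on malformed input such as "0".
    if str(uuid.UUID(value)) != value.lower():
        raise ValueError("security_group_id is not in canonical UUID form")
    return value.lower()


if __name__ == "__main__":
    print("rows matched by IN (0):", rows_matching_in(SAMPLE_IDS, 0))
    for candidate in (0, "0", SAMPLE_IDS[0]):
        try:
            print("accepted:", validate_sg_id(candidate))
        except (TypeError, ValueError) as exc:
            print("rejected %r: %s" % (candidate, exc))
```

Ids with no leading digits, or whose leading digits evaluate to zero, are the ones an integer `0` matches, which is why the count query returns rows while also emitting truncation warnings.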
Changed in neutron:
assignee: nobody → Andrew Karpow (andyonce)
Changed in neutron:
importance: Undecided → Medium
Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/837146