Security issues
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Object Storage (swift) | Invalid | Undecided | Unassigned | |
Bug Description
In the process of preparing Swift for roll-out at HP, our security team identified a couple of security vulnerabilities for which we developed fixes. These vulnerabilities are:
- command injection (quotation marks allowed as part of folder name)
- risk of Swift storage corruption (account and container servers don't check input parameters for length, quotation marks)
- negative content length (req.content_length isn't checked to see if it is < -1)
The fixes are implemented in:
swift/
swift/
swift/
Tests are implemented in:
test/
test/
test/
test/
test/
Please advise how you would like us to proceed.
-Eamonn.
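The three checks the report lists (length and quotation-mark validation of account and container names, and rejection of a negative Content-Length), written out as an added example. This is not part of the bug report, not Swift's code and not the reporter's patch (the patch itself is not on this page); the length limits, the forbidden-character set, the sqlite schema and every function name below are assumptions made for the illustration. The `delete_container_unsafe` function shows the class of damage an unvalidated quotation mark can do in an SQL-backed server and is a constructed illustration, not a statement about how Swift builds its statements.

```python
"""Input-validation checks of the kind the report above describes.

Added example: not Swift's code and not the reporter's patch. The limits,
the forbidden-character set and the sqlite schema are assumptions.
"""
import re
import sqlite3

# Assumed length limits for the illustration.
MAX_ACCOUNT_NAME_LENGTH = 256
MAX_CONTAINER_NAME_LENGTH = 256

# Quotation marks (the characters the report singles out), the path
# separator and control characters are rejected outright.
_FORBIDDEN = re.compile(r"""['"/\x00-\x1f\x7f]""")
_DECIMAL = re.compile(r"[0-9]+")


def validate_name(name, max_len):
    """Return *name* unchanged if it is acceptable, otherwise raise ValueError."""
    if not isinstance(name, str) or not name:
        raise ValueError("name must be a non-empty string")
    if len(name.encode("utf-8")) > max_len:
        raise ValueError("name longer than %d bytes" % max_len)
    if _FORBIDDEN.search(name):
        raise ValueError("name contains a quotation mark, slash or control character")
    return name


def parse_content_length(header):
    """Parse a Content-Length header value.

    Returns None when the header is absent and the integer otherwise; raises
    ValueError for anything that is not a non-negative decimal integer, which
    covers the negative values the report says were not being caught.
    """
    if header is None:
        return None
    value = header.strip()
    if not _DECIMAL.fullmatch(value):   # rejects '', '-1', '+5', '1e3', '0x10'
        raise ValueError("Content-Length must be a non-negative integer")
    return int(value)


def account_db():
    """Constructed in-memory stand-in for an account-server database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE container (name TEXT PRIMARY KEY, object_count INTEGER)")
    conn.executemany("INSERT INTO container VALUES (?, ?)",
                     [("photos", 120), ("backups", 7)])
    return conn


def delete_container_unsafe(conn, name):
    """How NOT to do it: the unvalidated name is spliced into the statement,
    so a quotation mark in it rewrites the WHERE clause. Returns rows deleted."""
    sql = "DELETE FROM container WHERE name = '%s'" % name
    return conn.execute(sql).rowcount


def delete_container_safe(conn, name):
    """Validate first, then bind the name as a parameter so it is only ever
    data, never SQL. Returns rows deleted."""
    validate_name(name, MAX_CONTAINER_NAME_LENGTH)
    return conn.execute("DELETE FROM container WHERE name = ?", (name,)).rowcount


def raises_value_error(func, *args):
    """True if func(*args) raises ValueError; used to exercise the rejections."""
    try:
        func(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "nosuch' OR '1'='1"   # constructed hostile container name
    print("unsafe delete removed", delete_container_unsafe(account_db(), payload), "rows")
    print("safe delete rejects payload:", raises_value_error(delete_container_safe, account_db(), payload))
    print("safe delete of a real name removed", delete_container_safe(account_db(), "photos"), "row")
    print("Content-Length -1 rejected:", raises_value_error(parse_content_length, "-1"))
```

With the constructed payload the unsafe variant empties the whole table, while the safe variant refuses the name before any statement runs; the Content-Length parser likewise refuses `-1` rather than letting it through as a small negative number.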
Information type: Private Security → Public Security
Hello Eamonn, thanks for reporting those issues.
As a first step, for confirmation of the issues, I added John Dickinson, the technical lead for Swift, to the list of people that can access this bug. Could you post your proposed patch as an attachment to this bug? It will then be discussed by a few Swift core developers, and then we'll coordinate a public release with the downstream distributions and public cloud providers (and get CVEs assigned for those).
From the description of the issues so far they appear rather serious, so please don't leak information about these issues beyond this bug discussion; we can add more people to this bug's subscriber list if more access is needed.