db: relation creation fails when charm name is > 16 characters
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Percona Cluster Charm |
Won't Fix
|
Low
|
Wouter van Bommel |
Bug Description
When a database relation is created, the databasename and username for the entry are based on the name of the charm requesting the relation. Charm names are user defined.
See #647 in hooks/percona_
The problem is that the username is limited to 16 characters, which is not taken into account. The other issue is, that limiting the username to 16 chars will result in conflicts if multiple charms have the same 16 starting letters.
The lack of input validation might leave a window for sql injection, based on the naming of the charm that requests a relation to be created.
Looking to the regular mysql charm, they use a randomly generated string for the username, which should be perfectly fine.
tags: | added: canonical-bootstack |
Changed in charm-percona-cluster: | |
assignee: | nobody → Wouter van Bommel (woutervb) |
status: | New → In Progress |
Changed in charm-percona-cluster: | |
status: | In Progress → Fix Committed |
Changed in charm-percona-cluster: | |
status: | Fix Committed → In Progress |
Changed in charm-percona-cluster: | |
status: | Triaged → Incomplete |
Changed in charm-percona-cluster: | |
milestone: | 19.04 → 19.07 |
Changed in charm-percona-cluster: | |
milestone: | 19.07 → 19.10 |
Changed in charm-percona-cluster: | |
milestone: | 19.10 → 20.01 |
Changed in charm-percona-cluster: | |
milestone: | 20.01 → 20.05 |
Changed in charm-percona-cluster: | |
milestone: | 20.05 → 20.08 |
Changed in charm-percona-cluster: | |
milestone: | 20.08 → none |
Fix proposed to branch: master /review. openstack. org/606202
Review: https:/