Cinder

  1. Bug #1212884
  2. Comment #4

Comment 4 for bug 1212884

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/42241
Committed: http://github.com/openstack/cinder/commit/e8acc504faccbf815b53d2c39cdc6d858ba03da3
Submitter: Jenkins
Branch: master

commit e8acc504faccbf815b53d2c39cdc6d858ba03da3
Author: Kurt Martin <email address hidden>
Date: Thu Aug 15 16:22:31 2013 -0700

    Fix SSH injection threat in 3PAR driver

    The setqos ssh command was not built up correctly when the following
    patch https://review.openstack.org/#/c/37697/ landed for cleaning up
    the SSH calls from injection attacks in the 3PAR driver.

    The command was in the following format causing the injection threat
    due to the spaces in the second item in the list:
    ['setqos', '-io 5000 -bw 500M vvset:vvs-JOHB2Oj0QJ2UaWatwbe7Bg']
    When it should actually be in the following format:
    ['setqos', '-io', '5000', '-bw', '500M', 'vvset:vvs-JOHB2Oj0QJ2UaWatwbe7Bg']

    Change-Id: I69ed8dbca3af3ba56220891411b63331c1935373
    Fixes: bug 1212884