commit e8acc504faccbf815b53d2c39cdc6d858ba03da3
Author: Kurt Martin <email address hidden>
Date: Thu Aug 15 16:22:31 2013 -0700
Fix SSH injection threat in 3PAR driver
The setqos ssh command was not built up correctly when the following
patch https://review.openstack.org/#/c/37697/ landed for cleaning up
the SSH calls from injection attacks in the 3PAR driver.
The command was in the following format causing the injection threat
due to the spaces in the second item in the list:
['setqos', '-io 5000 -bw 500M vvset:vvs-JOHB2Oj0QJ2UaWatwbe7Bg']
When it should actually be in the following format:
['setqos', '-io', '5000', '-bw', '500M', 'vvset:vvs-JOHB2Oj0QJ2UaWatwbe7Bg']
Reviewed: https:/ /review. openstack. org/42241 github. com/openstack/ cinder/ commit/ e8acc504faccbf8 15b53d2c39cdc6d 858ba03da3
Committed: http://
Submitter: Jenkins
Branch: master
commit e8acc504faccbf8 15b53d2c39cdc6d 858ba03da3
Author: Kurt Martin <email address hidden>
Date: Thu Aug 15 16:22:31 2013 -0700
Fix SSH injection threat in 3PAR driver
The setqos ssh command was not built up correctly when the following /review. openstack. org/#/c/ 37697/ landed for cleaning up
patch https:/
the SSH calls from injection attacks in the 3PAR driver.
The command was in the following format causing the injection threat JOHB2Oj0QJ2UaWa twbe7Bg' ] vvs-JOHB2Oj0QJ2 UaWatwbe7Bg' ]
due to the spaces in the second item in the list:
['setqos', '-io 5000 -bw 500M vvset:vvs-
When it should actually be in the following format:
['setqos', '-io', '5000', '-bw', '500M', 'vvset:
Change-Id: I69ed8dbca3af3b a56220891411b63 331c1935373
Fixes: bug 1212884