Cinder

  1. Bug #1679288
  2. Activity log

Activity log for bug #1679288

Date Who What changed Old value New value Message
2017-04-03 19:50:20 Rahul U Nair bug added bug
2017-04-03 19:51:42 Rahul U Nair description ## Request GET http://127.0.0.1:8776/v3/%99/volumes HTTP/1.1 X-Auth-Token: gAAAAABY0-YrntrLI8rDZdoOIoyAQ0dJ5VC7f-Tma2nBiLZOijW4-Ox-3TVRAK4A5G0MGn54QadVMrIs2r-AYXpE0YwxKnHO8XNzRSzP-1vQAg5L0IrhMjHWIKqsot9yoHhrAc6-BBfmIBBU0TKQvOIc-ivhuzSuJyDcKAEA3gZSETX5BR7fuIA Content-Length: 0 User-Agent: Jakarta Commons-HttpClient/3.1 Host: 127.0.0.1:8776 ## Response HTTP/1.1 500 Internal Server Error Content-Type: text/plain Content-Length: 0 Date: Thu, 23 Mar 2017 15:15:04 GMT Connection: close ## log tail root@vagrant-ubuntu-trusty-64:/opt/stack/logs# tail -f c-api.log bpath_info = bytes_(self.path_info, self.url_encoding) File "/usr/local/lib/python2.7/dist-packages/webob/descriptors.py", line 68, in fget return req.encget(key, encattr=encattr) File "/usr/local/lib/python2.7/dist-packages/webob/request.py", line 177, in encget return val.decode(encoding) File "/usr/lib/python2.7/encodings/utf_8.py", line 16, in decode return codecs.utf_8_decode(input, errors, True) UnicodeDecodeError: 'utf8' codec can't decode byte 0x99 in position 1: invalid start byte This is caused by the %99 unicode , this issue is present for any number of code points, as webob object fails to handle the excepton returned by utf_8.py. This may be handled at cinder API level and so that this does not cause a server error. As part of the OSIC teams security review of different OpenStack projects, we identified this issue when fuzzing the cinder API. ## Request GET http://127.0.0.1:8776/v3/%99/volumes HTTP/1.1 X-Auth-Token: gAAAAABY0-YrntrLI8rDZdoOIoyAQ0dJ5VC7f-Tma2nBiLZOijW4-Ox-3TVRAK4A5G0MGn54QadVMrIs2r-AYXpE0YwxKnHO8XNzRSzP-1vQAg5L0IrhMjHWIKqsot9yoHhrAc6-BBfmIBBU0TKQvOIc-ivhuzSuJyDcKAEA3gZSETX5BR7fuIA Content-Length: 0 User-Agent: Jakarta Commons-HttpClient/3.1 Host: 127.0.0.1:8776 ## Response HTTP/1.1 500 Internal Server Error Content-Type: text/plain Content-Length: 0 Date: Thu, 23 Mar 2017 15:15:04 GMT Connection: close ## log tail root@vagrant-ubuntu-trusty-64:/opt/stack/logs# tail -f c-api.log     bpath_info = bytes_(self.path_info, self.url_encoding)   File "/usr/local/lib/python2.7/dist-packages/webob/descriptors.py", line 68, in fget     return req.encget(key, encattr=encattr)   File "/usr/local/lib/python2.7/dist-packages/webob/request.py", line 177, in encget     return val.decode(encoding)   File "/usr/lib/python2.7/encodings/utf_8.py", line 16, in decode     return codecs.utf_8_decode(input, errors, True) UnicodeDecodeError: 'utf8' codec can't decode byte 0x99 in position 1: invalid start byte This is caused by the %99 unicode , this issue is present for any number of code points, as webob object fails to handle the excepton returned by utf_8.py. This may be handled at cinder API level and so that this does not cause a server error.
2017-04-05 14:58:06 Eric Harney cinder: assignee Eric Harney (eharney)
2017-04-28 12:55:07 Bhagyashri Shewale cinder: status New Confirmed
2018-01-12 19:03:43 Sean McGinnis cinder: assignee Eric Harney (eharney)