2017-04-03 19:51:42 |
Rahul U Nair |
description |
## Request
GET http://127.0.0.1:8776/v3/%99/volumes HTTP/1.1
X-Auth-Token: gAAAAABY0-YrntrLI8rDZdoOIoyAQ0dJ5VC7f-Tma2nBiLZOijW4-Ox-3TVRAK4A5G0MGn54QadVMrIs2r-AYXpE0YwxKnHO8XNzRSzP-1vQAg5L0IrhMjHWIKqsot9yoHhrAc6-BBfmIBBU0TKQvOIc-ivhuzSuJyDcKAEA3gZSETX5BR7fuIA
Content-Length: 0
User-Agent: Jakarta Commons-HttpClient/3.1
Host: 127.0.0.1:8776
## Response
HTTP/1.1 500 Internal Server Error
Content-Type: text/plain
Content-Length: 0
Date: Thu, 23 Mar 2017 15:15:04 GMT
Connection: close
## log tail
root@vagrant-ubuntu-trusty-64:/opt/stack/logs# tail -f c-api.log
    bpath_info = bytes_(self.path_info, self.url_encoding)
  File "/usr/local/lib/python2.7/dist-packages/webob/descriptors.py", line 68, in fget
    return req.encget(key, encattr=encattr)
  File "/usr/local/lib/python2.7/dist-packages/webob/request.py", line 177, in encget
    return val.decode(encoding)
  File "/usr/lib/python2.7/encodings/utf_8.py", line 16, in decode
    return codecs.utf_8_decode(input, errors, True)
UnicodeDecodeError: 'utf8' codec can't decode byte 0x99 in position 1: invalid start byte
This is caused by the %99 unicode; this issue is present for any number of code points,
as the webob object fails to handle the exception returned by utf_8.py. This may be handled at the cinder API level so that this does not cause a server error. |
As part of the OSIC team's security review of different OpenStack projects, we identified this issue when fuzzing the cinder API.
|
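One way to turn the undecodable path from this report into a 400 instead of a 500, as an added example that is not cinder's or WebOb's code. It assumes a Python 3 WSGI stack (the traceback above is from Python 2.7); `RejectUndecodablePath`, `strict_app` and `call` are hypothetical names, and the requests are constructed.

```python
# Added example: hypothetical WSGI middleware, not cinder's or WebOb's code.
from urllib.parse import unquote_to_bytes
from wsgiref.util import setup_testing_defaults


class RejectUndecodablePath:
    """Answer 400 when PATH_INFO is not valid UTF-8, before the app sees it."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        try:
            # PEP 3333: on Python 3 the server passes the percent-decoded
            # path bytes as a latin-1 str, so recover the bytes first.
            environ.get("PATH_INFO", "").encode("latin-1").decode("utf-8")
        except UnicodeError:
            body = b"Bad Request: path is not valid UTF-8\n"
            start_response("400 Bad Request",
                           [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def strict_app(environ, start_response):
    """Stand-in for the API: decodes the path strictly, as in the traceback."""
    path = environ["PATH_INFO"].encode("latin-1").decode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [path.encode("utf-8")]


def call(app, quoted_path):
    """Drive a WSGI app with a constructed request; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = unquote_to_bytes(quoted_path).decode("latin-1")
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = status

    body = b"".join(app(environ, start_response))
    return seen["status"], body


if __name__ == "__main__":
    print(call(RejectUndecodablePath(strict_app), "/v3/%99/volumes"))
```
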