WsgiLimiterProxy code looks suspect
Bug #1823750 reported by Eric Harney
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Cinder | Fix Released | Undecided | Rajat Dhasmana | |
OpenStack Shared File Systems Service (Manila) | Fix Released | Low | Goutham Pacha Ravi | |
Bug Description
WsgiLimiterProxy check_for_delay() has the following:
if http_client.OK >= resp.status < http_client.
Ignoring that the intent of this to check for 2xx responses was obfuscated by the refactoring done here: https:/
This translates to
if 200 >= resp.status < 300
Which is equivalent to
if resp.status <= 200
which means that the MULTIPLE_
I assume this was supposed to be
if 200 <= resp.status < 300
to look for 2xx returns. I'm not sure what the impact of this is.
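The two conditions from the description, compared over sample status codes, together with a small AST check that flags chained comparisons mixing `<` and `>` operators. This is an added example, not part of the report and not Cinder or Manila code; the function names and the sample source are constructed for illustration.

```python
import ast

# Operators grouped by direction; a chain that mixes both is not a range test.
_ASCENDING = (ast.Lt, ast.LtE)
_DESCENDING = (ast.Gt, ast.GtE)


def mixed_direction_chains(source):
    """Return sorted (line, expression) pairs for chains mixing < and >."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Compare) and len(node.ops) > 1:
            up = any(isinstance(op, _ASCENDING) for op in node.ops)
            down = any(isinstance(op, _DESCENDING) for op in node.ops)
            if up and down:
                findings.append((node.lineno, ast.unparse(node)))
    return sorted(findings)


def reported_check(status):
    # Python evaluates this as (200 >= status) and (status < 300).
    return 200 >= status < 300


def intended_check(status):
    # The range test the report assumes was meant.
    return 200 <= status < 300


def disagreements(statuses):
    """Status codes that the two conditions classify differently."""
    return [s for s in statuses if reported_check(s) != intended_check(s)]


# Constructed sample source containing both forms quoted in the report.
SAMPLE = """\
def reported(resp):
    if 200 >= resp.status < 300:
        return True

def intended(resp):
    if 200 <= resp.status < 300:
        return True
"""

if __name__ == "__main__":
    print(mixed_direction_chains(SAMPLE))
    print(disagreements([100, 199, 200, 201, 204, 299, 300, 404, 413]))
```

Only 200 is treated the same way by both conditions among the 1xx and 2xx codes; the reported form accepts everything at or below 200 and rejects 201 through 299.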
description: updated
Changed in manila:
status: New → Confirmed
tags: added: low-hanging-fruit
information type: Public → Public Security
Changed in manila:
importance: Undecided → Low
milestone: none → victoria-3
Please don't switch a bug to Public Security (or Private Security) without first explaining why you suspect it represents a security vulnerability.