Incorrect regular expressions used for schema validation
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Designate |
Fix Released
|
Critical
|
Kiall Mac Innes | ||
Juno |
Fix Committed
|
Critical
|
Kiall Mac Innes | ||
Kilo |
Fix Committed
|
Critical
|
Kiall Mac Innes | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
The regular expressions listed in designate/
Submitting a record creation request with "name" ending with "\n" currently results in an internal server, with the following traceback in the log file:
Traceback (most recent call last):
File "/usr/lib/
executor_
File "/usr/lib/
return super(RPCDispat
File "/usr/lib/
executor_
File "/usr/lib/
result = func(ctxt, **new_args)
File "/usr/lib/
result = f(self, *args, **kwargs)
File "/usr/lib/
result = f(self, *args, **kwargs)
File "/usr/lib/
context, domain, recordset, increment_
File "/usr/lib/
**copy.
File "/usr/lib/
self.
File "/usr/lib/
six.
File "/usr/lib/
result = f(self, *args, **kwargs)
File "/usr/lib/
self.
File "/usr/lib/
raise ValueError('Please supply a FQDN')
ValueError: Please supply a FQDN
If such additional checks are everywhere, the incorrect regular expressions should be harmless, and the security flag can be removed.
Downstream bug: https:/
Changed in designate: | |
assignee: | nobody → Kiall Mac Innes (kiall) |
Changed in designate: | |
milestone: | none → liberty-2 |
importance: | Undecided → Critical |
Changed in designate: | |
status: | In Progress → Fix Committed |
Changed in designate: | |
status: | Fix Committed → Fix Released |
Changed in designate: | |
milestone: | liberty-2 → 1.0.0 |
tags: | added: security |
Fix proposed to branch: stable/kilo /review. openstack. org/198379
Review: https:/