[OSSA 2015-004] Image file stays in store if image has been deleted during upload (CVE-2014-9684)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Fix Released
|
Medium
|
Mike Fedosin | ||
Icehouse |
Invalid
|
Undecided
|
Unassigned | ||
Juno |
Fix Released
|
Medium
|
Abhishek Kekane | ||
OpenStack Security Advisory |
Fix Released
|
Medium
|
Unassigned |
Bug Description
When I create a new task in v2 to upload an image, it creates the image record in db, sets status to "saving" and then begins the uploading.
If the image is deleted by appropriate API call while its content is still being uploaded, an exception is raised and it is not handled in the API code. This leads to the fact that the uploaded image file stays in a storage and clogs it.
File "/opt/stack/
uri)
File "/opt/stack/
new_image = image_repo.
File "/opt/stack/
image = self.image_
File "/opt/stack/
return self.helper.
File "/opt/stack/
return super(ImageRepo
File "/opt/stack/
return self.helper.
File "/opt/stack/
return self.helper.
File "/opt/stack/
return self.helper.
File "/opt/stack/
NotFound: No image found with ID e2285448-
This bug is very similar to https:/
Changed in glance: | |
assignee: | nobody → Mike Fedosin (mfedosin) |
Changed in glance: | |
importance: | Undecided → Medium |
Changed in glance: | |
milestone: | none → kilo-1 |
status: | Fix Committed → Fix Released |
summary: |
Image file stays in store if image has been deleted during upload + (CVE-2014-9684) |
Changed in ossa: | |
status: | New → In Progress |
importance: | Undecided → Medium |
summary: |
- Image file stays in store if image has been deleted during upload - (CVE-2014-9684) + [OSSA 2015-004] Image file stays in store if image has been deleted + during upload (CVE-2014-9684) |
no longer affects: | glance/kilo |
Changed in ossa: | |
status: | Fix Committed → Fix Released |
Changed in glance: | |
milestone: | kilo-1 → 2015.1.0 |
Fix proposed to branch: master /review. openstack. org/122427
Review: https:/