Adding image member throws 500 when the member name is longer than 255 characters
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Won't Fix
|
High
|
Kamil Rykowski | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
When adding a member to an image, if the member name is longer than 255 characters, Glance registry fails with a 500.
Reproduction in devstack:
glance member-create 749f53d4-
HTTPInternalSer
Error in registry logs:
DBError: (DataError) (1406, "Data too long for column 'member' at row 1") 'INSERT INTO image_members (created_at, updated_at, deleted_at, deleted, image_id, member, can_share, status) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)' (datetime.
2015-02-20 19:08:16.380 18844 INFO glance.wsgi.server [9719e12b-
Changed in ossa: | |
status: | New → Incomplete |
Changed in glance: | |
assignee: | nobody → Hemanth Makkapati (hemanth-makkapati) |
description: | updated |
Changed in glance: | |
assignee: | Hemanth Makkapati (hemanth-makkapati) → Kamil Rykowski (kamil-rykowski) |
status: | Triaged → In Progress |
tags: | added: image-sharing |
You forgot to include a description of how you would expect an attacker to exploit this bug, since you have marked it as a suspected security vulnerability. Or did you set this bug to private security in error?