Glance

glance use insecure cryptographic algorithm: md5, to verify image integrity.

Bug #1942270 reported by Kevin Li on 2021-09-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Glance	New	Undecided	Unassigned

Bug Description

OpenStack components default use md5 checksum image.SHA256, SHA512, or other more secure algorithms should be used.
  Pre-conditions: NA
  Step-by-step reproduction steps: NA
  Expected output: NA
  Actual output: NA

Version: Train

Environment: NA

Perceived severity: NA

Tags (Affected component): NA

Attachments: glance uses MD5 as the checksum by default.
For example:
glance/image_cache/__init__.py
  def cache_tee_iter(self, image_id, image_iter, image_checksum):
    try:
        current_checksum = hashlib.md5()

        with self.driver.open_for_write(image_id) as cache_file:
            for chunk in image_iter:
                try:
                    cache_file.write(chunk)
                finally:
                    current_checksum.update(chunk)
                    yield chunk
            cache_file.flush()

            if (image_checksum and
                    image_checksum != current_checksum.hexdigest()):
                msg = _("Checksum verification failed. Aborted "
                        "caching of image '%s'.") % image_id
                raise exception.GlanceException(msg)

Revision history for this message

Cyril Roelandt (cyril-roelandt) wrote on 2021-09-23:

Isn't this fixed thanks to the implementation of multihash? See https://specs.openstack.org/openstack/glance-specs/specs/rocky/implemented/glance/multihash.html .

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.