Glance copy_from should gracefully handle file store

Bug #942118 reported by Brian Waldon
Affects: Glance
Status: Fix Released
Importance: Medium
Assigned to: Eoghan Glynn

Bug Description

If you try to add an image with copy_from set to file:///somewhere, the API returns a 500 due to a NotImplementedError raised from get_size in the filesystem store driver. Ideally, the user would not be able to upload an image and ask the API to read from the local filesystem for security reasons.

This is not a security bug at the moment due to the 500.

Eoghan Glynn (eglynn) wrote :

Looking at this in more detail, it turns out we've had the same issue with location=file:///somewhere, again masked by the NotImplemented on glance.store.filesystem.Store.get_size().

So the fix should address both the copy_from and location styles of external source.

Changed in glance:
milestone: none → essex-4
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/4602

OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/4602
Committed: http://github.com/openstack/glance/commit/e653a0032d21729ebd4ec4edd0045cad0f0ab430
Submitter: Jenkins
Branch: master

commit e653a0032d21729ebd4ec4edd0045cad0f0ab430
Author: Eoghan Glynn <email address hidden>
Date: Mon Feb 27 22:57:12 2012 +0000

    Disallow file:// sources on location or copy-from.

    Fixes bug #942118

    For security reasons, file:// URIs local to the glance services
    should not be supported as external sources (as specified via the
    x-image-meta-location or x-glance-api-copy-from headers).

    Change-Id: I43763cbefba95153434c7dcdcce3765ed04e05fe
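
A sketch of the kind of check the commit message above describes, added here as an illustration and not taken from the Glance code base: both external-source headers are validated up front, so a file:// source is refused with a client error instead of surfacing as a 500 from the store driver. The allowlist of schemes, the function names and the sample requests are assumptions.

```python
from urllib.parse import urlsplit

# Header names as given in the commit message on this page.
SOURCE_HEADERS = ("x-image-meta-location", "x-glance-api-copy-from")
# Assumption for this sketch: the only schemes accepted as remote sources.
ALLOWED_SCHEMES = frozenset({"http", "https", "swift", "s3"})


class BadExternalSource(ValueError):
    """Rejected source; the API layer should answer 400, not 500."""


def validate_external_sources(headers):
    """Return {header: uri} for every external-source header present.

    Raises BadExternalSource unless the URI scheme is allowlisted, so
    file:// is refused in any letter case and with any number of slashes.
    """
    accepted = {}
    for name, value in headers.items():
        if name.lower() not in SOURCE_HEADERS or not value:
            continue
        uri = value.strip()
        try:
            scheme = urlsplit(uri).scheme  # urlsplit lower-cases the scheme
        except ValueError as exc:          # e.g. malformed IPv6 literal
            raise BadExternalSource("%s: unparsable URI" % name) from exc
        if scheme not in ALLOWED_SCHEMES:
            raise BadExternalSource("%s: scheme %r not allowed" % (name, scheme))
        accepted[name.lower()] = uri
    return accepted


def rejection_status(headers):
    """Return 400 if the request must be refused, else None."""
    try:
        validate_external_sources(headers)
    except BadExternalSource:
        return 400
    return None


if __name__ == "__main__":
    # Constructed sample requests, not taken from the bug report.
    for h in ({"x-glance-api-copy-from": "file:///somewhere"},
              {"X-Image-Meta-Location": "FILE:/somewhere"},
              {"x-glance-api-copy-from": "http://images.example.com/a.img"}):
        print(rejection_status(h), h)
```

Allowlisting schemes, rather than matching on the literal prefix `file://`, also refuses a bare path or a URI with no scheme at all.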

Changed in glance:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (milestone-proposed)

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/4702

OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (milestone-proposed)

Reviewed: https://review.openstack.org/4702
Committed: http://github.com/openstack/glance/commit/1337a510a1568dc0f3eac2e8574a414c6b681139
Submitter: Jenkins
Branch: milestone-proposed

commit 1337a510a1568dc0f3eac2e8574a414c6b681139
Author: Eoghan Glynn <email address hidden>
Date: Mon Feb 27 22:57:12 2012 +0000

    Disallow file:// sources on location or copy-from.

    Fixes bug #942118

    For security reasons, file:// URIs local to the glance services
    should not be supported as external sources (as specified via the
    x-image-meta-location or x-glance-api-copy-from headers).

    Change-Id: I43763cbefba95153434c7dcdcce3765ed04e05fe

Changed in glance:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in glance:
milestone: essex-4 → 2012.1