OpenStack Compute (nova)

Bug #1409142
Comment #120

Comment 120 for bug 1409142

Revision history for this message

Paul McMillan (paul-mcmillan) wrote on 2015-03-06: Re: Websocket Hijacking Vulnerability in Nova VNC Server (CVE-2015-0259)

#120

190.diff Edit (597 bytes, text/plain)

I applied this patch today to our system, and ran into trouble. Apparently the console type is 'novnc' instead of the 'vnc' that the patch looks for. I got this error:

94: handler exception: Invalid Console Type for WebSocketProxy: 'novnc'
94: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/websockify/websocket.py", line 711, in top_new_client
    self.new_client()
  File "/usr/lib/python2.7/dist-packages/nova/console/websocketproxy.py", line 94, in new_client
    origin.scheme):
  File "/usr/lib/python2.7/dist-packages/nova/console/websocketproxy.py", line 60, in verify_origin_proto
    raise exception.ValidationError(detail=detail)
ValidationError: Invalid Console Type for WebSocketProxy: 'novnc'

and applying the attached diff to the patched installation fixed it for me. We probably need to update the patches we sent out - can someone else verify this end-to-end with their novnc system to confirm it?