OpenStack Compute (nova)

nova.console.websocketproxy fails if there is a cookie with invalid name

Bug #1496932 reported by Ivan Mironov on 2015-09-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Low	Ivan Mironov

Bug Description

If cookie with invalid name (with '?' for example) is passed in the query, websocketproxy will fail to handle this query. Because of this, instance console is not working in Horizon ("Failed to connect to server (code: 1006)"). Easiest way to reproduce:

$ curl 'https://$NOVNCPROXY_HOST:$NOVNCPROXY_PORT/websockify' -H 'Sec-WebSocket-Version: 13' -H 'Sec-WebSocket-Key: dGVzdAo=' -H 'Upgrade: websocket' -H 'Cookie: ?=!' -H 'Connection: Upgrade' -H 'Sec-WebSocket-Protocol: binary, base64' --compressed
curl: (52) Empty reply from server

This request leads to following message in nova-novncproxy.log:

2015-09-17 18:45:45.443 14494 INFO nova.console.websocketproxy [-] handler exception: Illegal key value: ?

In real world this may happen when horizon is running on subdomain (e.g. sub.example.com), while some other "broken" application on parent domain (e.g. example.com) sets cookie with invalid name.

See original description

Tags:

Ivan Mironov (mironov-ivan) on 2015-09-17

Changed in nova:
assignee:	nobody → Ivan Mironov (mironov-ivan)
description:	updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-09-17: Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/224854

Changed in nova:
status:	New → In Progress

Andrew Laski (alaski) on 2015-09-17

tags:	added: console
Changed in nova:
importance:	Undecided → Low

Revision history for this message

stgleb (gstepanov) wrote on 2016-07-13:

Ivan, are you still working on this bug?

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-26: Fix merged to nova (master)

Reviewed: https://review.openstack.org/346090
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=6b3b7296b997d83bf272abc78581c6afb5d4131e
Submitter: Jenkins
Branch: master

commit 6b3b7296b997d83bf272abc78581c6afb5d4131e
Author: Gleb Stepanov <email address hidden>
Date: Fri Jul 22 18:37:48 2016 +0300

Skip malformed cookies

Skip malformed cookies when parsing Cookie
header in websocketproxy.py.

Change-Id: I4091bd641ca3911666da328488c337835405400f
Closes-Bug: #1496932

Changed in nova:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-29: Change abandoned on nova (master)

Change abandoned by Alexis Lee (<email address hidden>) on branch: master
Review: https://review.openstack.org/347750

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-25:

Change abandoned by Michael Still (<email address hidden>) on branch: master
Review: https://review.openstack.org/224854
Reason: This patch has been sitting unchanged for more than 12 weeks. I am therefore going to abandon it to keep the nova review queue sane. Please feel free to restore the change if you're still working on it.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-17: Fix included in openstack/nova 15.0.0.0b1

This issue was fixed in the openstack/nova 15.0.0.0b1 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.