nova.console.websocketproxy fails if there is a cookie with invalid name

Bug #1496932 reported by Ivan Mironov on 2015-09-17
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Low
Ivan Mironov

Bug Description

If cookie with invalid name (with '?' for example) is passed in the query, websocketproxy will fail to handle this query. Because of this, instance console is not working in Horizon ("Failed to connect to server (code: 1006)"). Easiest way to reproduce:

    $ curl 'https://$NOVNCPROXY_HOST:$NOVNCPROXY_PORT/websockify' -H 'Sec-WebSocket-Version: 13' -H 'Sec-WebSocket-Key: dGVzdAo=' -H 'Upgrade: websocket' -H 'Cookie: ?=!' -H 'Connection: Upgrade' -H 'Sec-WebSocket-Protocol: binary, base64' --compressed
    curl: (52) Empty reply from server

This request leads to following message in nova-novncproxy.log:

    2015-09-17 18:45:45.443 14494 INFO nova.console.websocketproxy [-] handler exception: Illegal key value: ?

In real world this may happen when horizon is running on subdomain (e.g. sub.example.com), while some other "broken" application on parent domain (e.g. example.com) sets cookie with invalid name.

Changed in nova:
assignee: nobody → Ivan Mironov (mironov-ivan)
description: updated

Fix proposed to branch: master
Review: https://review.openstack.org/224854

Changed in nova:
status: New → In Progress
Andrew Laski (alaski) on 2015-09-17
tags: added: console
Changed in nova:
importance: Undecided → Low
stgleb (gstepanov) wrote :

Ivan, are you still working on this bug?

Reviewed: https://review.openstack.org/346090
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=6b3b7296b997d83bf272abc78581c6afb5d4131e
Submitter: Jenkins
Branch: master

commit 6b3b7296b997d83bf272abc78581c6afb5d4131e
Author: Gleb Stepanov <email address hidden>
Date: Fri Jul 22 18:37:48 2016 +0300

    Skip malformed cookies

    Skip malformed cookies when parsing Cookie
    header in websocketproxy.py.

    Change-Id: I4091bd641ca3911666da328488c337835405400f
    Closes-Bug: #1496932

Changed in nova:
status: In Progress → Fix Released

Change abandoned by Alexis Lee (<email address hidden>) on branch: master
Review: https://review.openstack.org/347750

Change abandoned by Michael Still (<email address hidden>) on branch: master
Review: https://review.openstack.org/224854
Reason: This patch has been sitting unchanged for more than 12 weeks. I am therefore going to abandon it to keep the nova review queue sane. Please feel free to restore the change if you're still working on it.

This issue was fixed in the openstack/nova 15.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers