Stacktrace is visible for api call exceptions

Bug #869132 reported by Stanislaw Pitucha on 2011-10-06
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Stanislaw Pitucha

Bug Description

Stacktrace is visible for the api users in case some internal exception occurs. This should not be possible for both user-friendliness reasons and to limit potential security problems of revealing failing component.

Brian Lamar (blamar) on 2011-10-08
Changed in nova:
assignee: nobody → Stanislaw Pitucha (stanislaw-pitucha)
status: New → In Progress
Thierry Carrez (ttx) on 2011-10-21
Changed in nova:
importance: Undecided → Medium
security vulnerability: no → yes
Changed in nova:
importance: Medium → Low

Submitter: Jenkins
Branch: master

 status fixcommitted

commit 68111826afed69076d8b09363bb1191ecebe3b53
Author: Ahmad Hassan <email address hidden>
Date: Thu Oct 6 11:16:32 2011 +0100

    Capture exceptions happening in API layer

    Added the faulwrapper around EC2 api so that it captures any unseen
    exceptions and return a graceful error back. Also changed the openstack
    exception message. The actual exception message will be printed in the
    logs and would not return back the user.
    Removed openstack wsgi dependency from
    EC2 fault wrapper. Added unit tests for
    EC2 fault wrapper
    Fixes bug 869132.

    Change-Id: I03d18f321f141ae96f1add99ea0b70e736253c89

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2011-11-25
Changed in nova:
milestone: none → essex-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2012-04-05
Changed in nova:
milestone: essex-1 → 2012.1
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers