Comment 49 for bug 1482371

OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/226336
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=34f9f037136061f7437761e86ea9f0864b297619
Submitter: Jenkins
Branch: master

commit 34f9f037136061f7437761e86ea9f0864b297619
Author: Stuart McLaren <email address hidden>
Date: Tue Aug 11 10:37:09 2015 +0000

    Prevent image status being directly modified via v1

    Users shouldn't be able to change an image's status directly via the
    v1 API.

    Some existing consumers of Glance set the x-image-meta-status header in
    requests to the Glance API, eg:

    https://github.com/openstack/nova/blob/master/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance#L184

    We should try to prevent users setting 'status' via v1, but without breaking
    existing benign API calls such as these.

    I've adopted the following approach (which has some prior art in 'protected properties').

    If a PUT request is received which contains an x-image-meta-status header:

    * The user provided status is ignored if it matches the current image
      status (this prevents benign calls such as the nova one above from
      breaking). The usual code (eg 200) will be returned.

    * If the user provided status doesn't match the current image status (ie
      there is a real attempt to change the value) 403 will be returned. This
      will break any calls which currently intentionally change the status.

    APIImpact

    Closes-bug: 1482371

    Change-Id: I44fadf32abb57c962b67467091c3f51c1ccc25e6
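
The rule described in the commit message above, sketched as an added example (not code from the Glance commit). The function name, the dict-based request model, the exact-match comparison and the handling of a header supplied twice under different casing are assumptions made for illustration.

```python
# Added illustration, not Glance's implementation. The function name, the
# dict-based request model and the exact-match comparison are assumptions.
STATUS_HEADER = "x-image-meta-status"


def handle_put_status(headers, current_status):
    """Apply the commit's rule to one v1 PUT request.

    Returns (http_code, headers_to_forward). On 403 nothing is forwarded.
    """
    # Header names are matched case-insensitively; collect every copy.
    supplied = [v.strip() for k, v in headers.items()
                if k.lower() == STATUS_HEADER]
    # Any supplied value that differs from the stored status is a real
    # attempt to change it, so the whole request is rejected.
    if any(v != current_status for v in supplied):
        return 403, None
    # Matching (or absent) header: drop it so later code never acts on a
    # user-controlled status, then let the update proceed as usual.
    forward = {k: v for k, v in headers.items()
               if k.lower() != STATUS_HEADER}
    return 200, forward


# Constructed sample requests against an image whose stored status is "active".
SAMPLES = [
    ("benign echo of current status",
     {"X-Image-Meta-Status": "active", "x-image-meta-name": "img"}),
    ("attempt to change status",
     {"x-image-meta-status": "queued", "x-image-meta-name": "img"}),
    ("no status header",
     {"x-image-meta-name": "img"}),
    ("duplicate header, one differing",
     {"X-Image-Meta-Status": "active", "x-image-meta-status": "deleted"}),
]

if __name__ == "__main__":
    for label, hdrs in SAMPLES:
        code, fwd = handle_put_status(hdrs, "active")
        print(f"{label}: {code} forwarded={fwd}")
```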