StarlingX

Erratic IPv4 validation

Bug #1938467 reported by Fernando Theirs
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
In Progress
Low
Luis Eduardo Angelini Marquitti

Bug Description

Brief Description
-----------------
Using service-parameter and setting an IPv4 address could lead into some issues.
Since IPv4, IPv6 and hostnames are accepted, there is a logic that detects which type is used. Then it validates the value. However, some invalid ranges from IPv4 will be rejected but some others will fall into domain check and pass.

Some examples to make it clearer:

IPv4 accepted: 192.168.0.1:12345
IPv4 rejected: 292.168.0.1:12345
IPv4 accepted by domain validator: 192.168.0.999999:12345

This issue can be seen on utils.py from sysinv/sysinv/sysinv/common under is_valid_domain_or_ip function.

Severity
--------
Minor

Steps to Reproduce
------------------
From active controller run:
source /etc/platform/openrc
system service-parameter add platform collectd network_servers=Host1:Port1,Host2:Port2,...,HostN:PortN

Where Host can be an IPv4, IPv6 or hostname and port any uint16 value.

Expected Behavior
------------------
Invalid ranges for IPv4 must be rejected

Actual Behavior
----------------

Reproducibility
---------------
100% reproducible

System Configuration
--------------------
AIO-SX, AIO-DX

Branch/Pull Time/Commit
-----------------------

Last Pass
---------

Timestamp/Logs
--------------

Test Activity
-------------

Workaround
----------

Tags: stx.config
Ghada Khalil (gkhalil)
tags: added: stx.config
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to config (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/config/+/819475

Changed in starlingx:
status: New → In Progress
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Low
Ghada Khalil (gkhalil)
Changed in starlingx:
assignee: nobody → Luis Eduardo Angelini Marquitti (leduard1)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to config (master)

Reviewed: https://review.opendev.org/c/starlingx/config/+/819475
Committed: https://opendev.org/starlingx/config/commit/70eac8bd1f6c237d475ae15f4cae715ddf110f31
Submitter: "Zuul (22348)"
Branch: master

commit 70eac8bd1f6c237d475ae15f4cae715ddf110f31
Author: Luis Eduardo Angelini Marquitti <email address hidden>
Date: Fri Nov 26 10:27:13 2021 -0300

    Improving IPV4 validation for configs

    Added routine to verify if the address is in a IPV4 format and reordered
    validation steps.
    Added IPv6 port range validation.
    Added tests for method is_valid_domain_or_ip.

    Test Plan:

    PASS: Added new valid IPV4 IPs to parameters
            (Ex: 192.168.0.10:5000, 10.10.10.10:8080)
    PASS: Exception when trying to add invalid IPV4 IPs
            (Ex: 500.10.10.20:8080, 10.10.10.10:9999999, 192.168.0.999999:12345)
    PASS: Exception when trying to add IPv6 with an invalid port
            (Ex:[::]:75535, [1fff:0:a88:85a3::ac1f]:99999, [1fff:0:a88:85a3::ac1f]:90a90)

    Closes-Bug: #1938467

    Signed-off-by: Luis Eduardo Angelini Marquitti <email address hidden>
    Change-Id: I2e326d6e5f08f9457ac80233294fcceb47c38658

Changed in starlingx:
status: In Progress → Fix Released
Revision history for this message
Adriano Oliveira (aoliveir) wrote :

This was reverted to fix https://bugs.launchpad.net/starlingx/+bug/1957836

Revision history for this message
Ghada Khalil (gkhalil) wrote (last edit ):

Re-opening this LP given the fix was reverted as per the note above. If there is no plan to pursue this any further, please mark as Won't Fix. Otherwise, the same LP should be used to re-introduce the fix once it is re-worked.

Changed in starlingx:
status: Fix Released → Triaged
Revision history for this message
Luis Eduardo Angelini Marquitti (leduard1) wrote :

This LP is now fixed on this new review: https://review.opendev.org/c/starlingx/config/+/824654

Changed in starlingx:
status: Triaged → In Progress
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.