Security issue: negative content-length
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Object Storage (swift) | Fix Released | High | Unassigned | 1.4.6
Bug Description
This is the first of two bugs split-out of bug 903232. From that bug:
Regarding the negative length of the Content-Length header: this could cause a denial of service because the service would never be able to read until '-1' bytes and the server would be forced to timeout. Of course this is really no different than a user sending a POST with a Content-Length of 1 and never sending any data also causing a timeout. However, the difference here is that this could potentially be used by another yet to be found or in the future to be introduced vulnerability such as an integer overflow where having a negative Content-Length could potentially cause a greater vulnerability to occur. Since it's invalid to have a negative content length and it has the potential to cause problems later it would be best to fix it now.
Changed in swift:
importance: Undecided → High
status: New → Confirmed
visibility: private → public

Changed in swift:
milestone: none → 1.4.6
status: Confirmed → Fix Released
From John Dickinson:
3) The Content-Length issue should be resolved by returning an error (Content-Length required). Since we're using an evented server, it won't cause any DoS issues.
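A header check of the kind the comment proposes, written as an added example in Python (Swift's implementation language); this is not Swift's own code. A body-carrying request without a length gets 411 Length Required, and a value that is not a plain run of decimal digits (so "-1" is refused) gets 400 Bad Request, so the server never attempts to read a negative number of bytes and wait for a timeout. The function names, the MAX_BODY limit and the WSGI-style environ dict are assumptions for this example.

```python
"""Reject a missing or invalid Content-Length before touching the body.

Added example, not Swift's own code. Function names, MAX_BODY and the
WSGI-style environ dict are assumptions made for this illustration.
"""
import io
import re

# Largest body the example accepts; a constructed limit, not a Swift constant.
MAX_BODY = 5 * 1024 ** 3

# HTTP grammar: Content-Length = 1*DIGIT. No sign, no whitespace, no unicode digits.
_DIGITS = re.compile(r"[0-9]+")


def validate_content_length(environ, body_methods=("PUT", "POST")):
    """Return None if the header is acceptable, otherwise an HTTP status line.

    environ is a WSGI-style dict: REQUEST_METHOD, CONTENT_LENGTH (a string,
    or absent) and optionally HTTP_TRANSFER_ENCODING.
    """
    method = environ.get("REQUEST_METHOD", "GET").upper()
    raw = environ.get("CONTENT_LENGTH")
    if raw is None or raw == "":
        if method in body_methods and not environ.get("HTTP_TRANSFER_ENCODING"):
            # No length and not chunked: the server cannot know where the body ends.
            return "411 Length Required"
        return None
    if not _DIGITS.fullmatch(raw):
        # Covers "-1", "+1", " 12", "1e3" and non-ASCII digits that int() would accept.
        return "400 Bad Request"
    if int(raw) > MAX_BODY:
        return "413 Request Entity Too Large"
    return None


def read_body(environ):
    """Validate first, then read exactly CONTENT_LENGTH bytes from wsgi.input.

    Raises ValueError carrying the status line when validation fails or the
    client sends fewer bytes than it promised.
    """
    status = validate_content_length(environ)
    if status is not None:
        raise ValueError(status)
    length = int(environ.get("CONTENT_LENGTH") or "0")
    body = environ["wsgi.input"].read(length)
    if len(body) != length:
        # Short read: the client disconnected or promised more than it sent.
        raise ValueError("400 Bad Request")
    return body


def demo():
    """Run constructed requests through the check; returns status or body per case."""
    cases = {
        "negative": {"REQUEST_METHOD": "PUT", "CONTENT_LENGTH": "-1"},
        "missing": {"REQUEST_METHOD": "PUT"},
        "valid": {"REQUEST_METHOD": "PUT", "CONTENT_LENGTH": "5",
                  "wsgi.input": io.BytesIO(b"hello")},
    }
    results = {}
    for name, env in cases.items():
        status = validate_content_length(env)
        # Only a request that passed validation is ever read from.
        results[name] = status if status is not None else read_body(env)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The check runs before any byte of the body is read, which is the point of the fix: the invalid header is answered immediately with a client error instead of tying up a read loop until the server's timeout fires.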