
yahoo-eng-team team mailing list archive

[Bug 1414529] Re: eval being used in session.py


** Changed in: ossa
       Status: Incomplete => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1414529

Title:
  eval being used in session.py

Status in OpenStack Compute (Nova):
  New
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  There's a FIXME comment saying eval is evil (which it is obviously) in
  the file below:

  /opt/stack/nova/nova/virt/xenapi/client/session.py

      def _unwrap_plugin_exceptions(self, func, *args, **kwargs):
          """Parse exception details."""
          try:
              return func(*args, **kwargs)
          except self.XenAPI.Failure as exc:
              LOG.debug("Got exception: %s", exc)
              if (len(exc.details) == 4 and
                  exc.details[0] == 'XENAPI_PLUGIN_EXCEPTION' and
                      exc.details[2] == 'Failure'):
                  params = None
                  try:
                      # FIXME(comstud): eval is evil.
                      params = eval(exc.details[3])             <--- here
                  except Exception:
                      raise exc
                  raise self.XenAPI.Failure(params)
              else:
                  raise
          except xmlrpclib.ProtocolError as exc:
              LOG.debug("Got exception: %s", exc)
              raise

  This should indeed be fixed, as it looks as though an arbitrary plugin can now
  potentially achieve arbitrary code execution by throwing specifically
  prepared XenAPI Failure exceptions.

  This code has been here from the beginning according to the git logs at
  http://git.openstack.org/cgit/openstack/nova/log/nova/virt/xenapi/client/session.py
  so the FIXME comment has existed since at least 2013-11-22.
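A hardened counterpart of the routine quoted above, added here as an example and not nova's own fix for this bug (which this message does not show): it decodes exc.details[3] with ast.literal_eval, which only ever builds Python literals, so the text a plugin puts in its Failure can no longer execute on the compute node. XenAPI.Failure is replaced by a minimal stand-in class, and the details lists used to exercise it are constructed.

```python
import ast
import logging

LOG = logging.getLogger(__name__)
# Everything ast.literal_eval is documented to raise on bad input.
LITERAL_EVAL_ERRORS = (ValueError, SyntaxError, TypeError, MemoryError, RecursionError)

class Failure(Exception):
    """Stand-in for XenAPI.Failure (constructed for this example)."""
    def __init__(self, details):
        super().__init__(details)
        self.details = details

def payload_is_literal(text):
    """True only if `text` is a plain literal (str, number, list, dict, tuple,
    bool, None); calls, names and attribute access are rejected."""
    try:
        ast.literal_eval(text)
    except LITERAL_EVAL_ERRORS:
        return False
    return True

def parse_plugin_failure(details):
    """Decode a wrapped plugin Failure's params without eval: returns the
    params for a XENAPI_PLUGIN_EXCEPTION/Failure details list, None for any
    other shape, ValueError if details[3] is not a literal."""
    if not (len(details) == 4 and details[0] == 'XENAPI_PLUGIN_EXCEPTION'
            and details[2] == 'Failure'):
        return None
    try:
        return ast.literal_eval(details[3])
    except LITERAL_EVAL_ERRORS as err:
        LOG.debug("Rejected non-literal plugin payload %r: %s", details[3], err)
        raise ValueError("plugin failure payload is not a literal") from err

def unwrap_plugin_exceptions(func, *args, **kwargs):
    """Hardened counterpart of the report's _unwrap_plugin_exceptions."""
    try:
        return func(*args, **kwargs)
    except Failure as exc:
        LOG.debug("Got exception: %s", exc)
        try:
            params = parse_plugin_failure(exc.details)
        except ValueError:
            raise exc  # undecodable payload: re-raise the original, as before
        if params is None:
            raise
        raise Failure(params)  # re-wrap with the decoded params, as before
```

A payload that literal_eval rejects is logged and the original Failure is re-raised untouched, which is the same fallback the original code takes when eval fails.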

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1414529/+subscriptions