yahoo-eng-team team mailing list archive

[Bug 1496932] [NEW] nova.console.websocketproxy fails if there is a cookie with invalid name

 

Public bug reported:

If a cookie with an invalid name (with '?' for example) is passed in the
query, websocketproxy will fail to handle this query. The easiest way to
reproduce:

    $ curl "https://$NOVNCPROXY_HOST:$NOVNCPROXY_PORT/websockify" -H 'Sec-WebSocket-Version: 13' -H 'Sec-WebSocket-Key: dGVzdAo=' -H 'Upgrade: websocket' -H 'Cookie: ?=!' -H 'Connection: Upgrade' -H 'Sec-WebSocket-Protocol: binary, base64' --compressed
    curl: (52) Empty reply from server

This request leads to the following message in nova-novncproxy.log:

    2015-09-17 18:45:45.443 14494 INFO nova.console.websocketproxy [-] handler exception: Illegal key value: ?

In the real world this may happen when horizon is running on a subdomain (e.g.
sub.example.com), while some other "broken" application on the parent domain
(e.g. example.com) sets a cookie with an invalid name.

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1496932
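
The failure mode in the report above, as an added example (not code from the bug report or from nova): Python's standard cookie parser raises `CookieError` for the whole `Cookie` header when any one name is illegal, so a cookie set by an unrelated application on the parent domain blocks the handler from reading its own cookie. Parsing each cookie-pair separately and skipping the malformed ones avoids that; the cookie name `token` and the sample header are assumptions made for the illustration.

```python
from http.cookies import CookieError, SimpleCookie

# Constructed header: a cookie with an illegal name set by another application
# on the parent domain, followed by the cookie the handler needs (assumed name).
SAMPLE_HEADER = "?=!; token=constructed-console-token"


def strict_cookie(header, name):
    """Parse the whole header in one call; one illegal name rejects everything."""
    jar = SimpleCookie()
    jar.load(header)  # raises CookieError because of the '?' key
    return jar[name].value if name in jar else None


def strict_rejects(header, name="token"):
    """Return True when whole-header parsing fails with CookieError."""
    try:
        strict_cookie(header, name)
    except CookieError:
        return True
    return False


def tolerant_cookie(header, name):
    """Parse each cookie-pair on its own and skip the malformed ones.

    Returns (value or None, number of skipped pairs). Splitting on ';' is
    safe here because ';' is the pair separator in a Cookie request header.
    """
    value, skipped = None, 0
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        jar = SimpleCookie()
        try:
            jar.load(part)
        except CookieError:
            skipped += 1  # count only; never log client-controlled cookie data
            continue
        if name in jar:
            value = jar[name].value
    return value, skipped


if __name__ == "__main__":
    print("strict parse rejected header:", strict_rejects(SAMPLE_HEADER))
    print("tolerant parse:", tolerant_cookie(SAMPLE_HEADER, "token"))
```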


