yahoo-eng-team team mailing list archive
Message #46716
[Bug 1289590] Re: SQL Error during update tenant and possibly other calls
This bug is no longer valid. XML support was removed in Kilo, which is
the oldest version we support. Marking as invalid.
** Changed in: keystone
Status: Triaged => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1289590
Title:
SQL Error during update tenant and possibly other calls
Status in OpenStack Identity (keystone):
Invalid
Bug description:
Attributes in the description cause sql error and 500. Possible injection.
PUT /v2.0/tenants/1234556 HTTP/1.1
Host: <not shown>:35357
X-Auth-Token: <not shown>
Content-Type: application/xml
Accept-Encoding: gzip, deflate, compress
Accept: application/xml
User-Agent: python-requests/2.2.1 CPython/2.7.4 Linux/3.11.0-17-generic
Content-Length: 245

<tenant enabled="false" name="ACME corp" id="1234556">
<description test=""></description>
</tenant>

Response

HTTP/1.1 500 Internal Server Error
Vary: X-Auth-Token
Content-Type: application/xml
Content-Length: 536
Date: Fri, 07 Mar 2014 21:16:52 GMT

<?xml version="1.0" encoding="UTF-8"?>
<error xmlns="http://docs.openstack.org/identity/api/v2.0" message="An unexpected error prevented the server from fulfilling your request. (ProgrammingError) (1064, 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \': "\'\'"} WHERE project.id = \'1234556\'\' at line 1') 'UPDATE project SET description=%s WHERE project.id = %s' ({u'test': u''}, '1234556')" code="500" title="Internal Server Error"/>
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1289590/+subscriptions
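
The parameters in the error above show the description reaching the SQL driver as a dict ({u'test': u''}) instead of a string. The following is an added example, not keystone's code: it shows how an attribute on an XML element can turn a scalar field into a dict, and a type check that rejects the request before it reaches the database layer. The deserializer is a simplified assumption, and `element_to_value`, `parse_tenant`, `TENANT_SCHEMA` and `validate_tenant` are hypothetical names.

```python
import xml.etree.ElementTree as ET
# For untrusted input in production, prefer a hardened parser such as defusedxml.


class ValidationError(ValueError):
    """Would map to an HTTP 400 response instead of an unhandled driver error."""


def element_to_value(elem):
    # Simplified stand-in for an XML deserializer (assumption): an element that
    # carries attributes or children becomes a dict, otherwise its text.
    if elem.attrib or len(elem):
        value = dict(elem.attrib)
        for child in elem:
            value[child.tag] = element_to_value(child)
        return value
    return elem.text or ""


def parse_tenant(xml_body):
    root = ET.fromstring(xml_body)
    tenant = dict(root.attrib)
    for child in root:
        tenant[child.tag] = element_to_value(child)
    return tenant


# Hypothetical schema: field name -> accepted Python type.
TENANT_SCHEMA = {"id": str, "name": str, "enabled": str, "description": str}


def validate_tenant(tenant):
    # Reject unknown fields and any value whose type differs from the schema,
    # so a dict can never be bound as a SQL parameter for a text column.
    for field, value in tenant.items():
        expected = TENANT_SCHEMA.get(field)
        if expected is None:
            raise ValidationError("unexpected field: %s" % field)
        if not isinstance(value, expected):
            raise ValidationError(
                "%s must be %s, got %s"
                % (field, expected.__name__, type(value).__name__))
    return tenant


# Request body from the bug report above.
REPORTED_BODY = (
    '<tenant enabled="false" name="ACME corp" id="1234556">'
    '<description test=""></description></tenant>'
)
```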