yahoo-eng-team team mailing list archive
Message #87117
[Bug 1942179] Re: Routes middleware memory leak for nonexistent controllers (CVE-2021-40797)
Reviewed: https://review.opendev.org/c/openstack/ossa/+/807942
Committed: https://opendev.org/openstack/ossa/commit/4f5d81b664a81ad7ba4856fbabe1d3f1f12a14e8
Submitter: "Zuul (22348)"
Branch: master
commit 4f5d81b664a81ad7ba4856fbabe1d3f1f12a14e8
Author: Jeremy Stanley <fungi@xxxxxxxxxxx>
Date: Wed Sep 8 20:15:03 2021 +0000
Add OSSA-2021-006 (CVE-2021-40797)
Change-Id: Ie61b5ffbec78e8c90e5ad773c9479f0d7ae1b932
Closes-Bug: #1942179
** Changed in: ossa
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-40797
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1942179
Title:
Routes middleware memory leak for nonexistent controllers
(CVE-2021-40797)
Status in neutron:
Fix Released
Status in OpenStack Security Advisory:
Fix Released
Bug description:
An authorized cloud user may make API requests to neutron for non-existent
endpoints, e.g.:
curl -g -i -X GET http://10.120.0.30:9696/v2.0/blabla -H "Accept: application/json" -H "User-Agent: openstacksdk/0.59.0 keystoneauth1/4.3.1 python-requests/2.26.0 CPython/3.6.8" -H "X-Auth-Token: $token"
and each such request will increase the memory consumption of the neutron-api
worker process.
What I did was:
* start neutron server with just one api worker (easier to calculate
memory consumption but it would be the same leak in case of more
workers too). Memory consumption was:
sudo pmap 212436 | tail -n 1
total 183736K
* now run a command like (stdout and stderr discarded; the original used "2>1", which writes stderr to a file named "1"):
$ i=1; while [ $i -lt 2000 ]; do echo "Request $i"; curl -g -i -X GET http://10.120.0.30:9696/v2.0/blabla -H "Accept: application/json" -H "User-Agent: openstacksdk/0.59.0 keystoneauth1/4.3.1 python-requests/2.26.0 CPython/3.6.8" -H "X-Auth-Token: $token" >/dev/null 2>&1; i=$(( i+1 )); sleep 0.01; done
* check memory consumption of the same api worker now:
sudo pmap 212436 | tail -n 1
total 457896K
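The measurement the reporter did by hand above (pmap before, a burst of requests to a path no controller serves, pmap after) can be turned into a repeatable regression check for a patched neutron-api. The script below is an added example, not code from the bug report or from neutron; it assumes pmap(1) and curl(1) are available and that the caller supplies the worker PID, the neutron endpoint URL, a valid token, the request count and an allowed growth limit in KB (all placeholders, not values from the report).

```shell
#!/bin/sh
# Added example (not from the bug report): check whether a neutron-api worker's
# mapped memory grows under a burst of requests to a nonexistent endpoint.
# Assumed inputs (constructed): worker PID, endpoint URL, token, request count,
# and the largest growth in KB still considered acceptable.

set -eu

# Extract the total mapped size in KB from the last line of pmap output,
# e.g. "total 183736K" -> 183736 (leading whitespace tolerated).
pmap_total_kb() {
    echo "$1" | sed -n 's/^[[:space:]]*total[[:space:]]*\([0-9]*\)K.*/\1/p'
}

# Current total mapped size (KB) of a live process, as the reporter measured it.
worker_total_kb() {
    pmap_total_kb "$(pmap "$1" | tail -n 1)"
}

# Growth in KB between a "before" and an "after" measurement.
growth_kb() {
    echo $(( $2 - $1 ))
}

# Send N GET requests to a path that no controller serves, discarding output
# (the "/v2.0/blabla" path mirrors the one in the report).
hammer_unknown_endpoint() {
    url=$1; token=$2; n=$3; i=1
    while [ "$i" -le "$n" ]; do
        curl -g -s -o /dev/null -X GET "$url/v2.0/blabla" \
             -H "Accept: application/json" -H "X-Auth-Token: $token"
        i=$(( i + 1 ))
    done
}

# Full check: measure, hammer, measure again; non-zero exit if the worker grew
# by more than limit_kb, which is what a leaking middleware would show.
check_leak() {
    pid=$1; url=$2; token=$3; n=$4; limit_kb=$5
    before=$(worker_total_kb "$pid")
    hammer_unknown_endpoint "$url" "$token" "$n"
    after=$(worker_total_kb "$pid")
    grown=$(growth_kb "$before" "$after")
    echo "worker $pid: ${before}K -> ${after}K after $n requests (+${grown}K)"
    [ "$grown" -le "$limit_kb" ]
}

# Usage (placeholders): check_leak "$PID" "$NEUTRON_URL" "$TOKEN" 2000 20000
```

On the reporter's numbers the growth is 274160K for about 2000 requests, far above any reasonable limit; a fixed worker should stay within the noise of normal allocation, so pick the limit from a baseline run against a known-good path rather than from a fixed constant.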
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1942179/+subscriptions