yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #88636
[Bug 1968343] [NEW] Security Group Rule create with forged integer security_group_id causes exceptions
Public bug reported:
Assuming a project xyz has Security Groups, following POST requests
fails with HTTP 500 ValueError:
/v2.0/security-group-rules
{
"security_group_rule": {
"direction": "egress",
"ethertype": "IPv4",
"port_range_max": 443,
"port_range_min": 443,
"project_id": "xyz",
"protocol": "tcp",
"remote_ip_prefix": "34.231.24.224/32",
"security_group_id": 0
}
}
The value error is raised by python uuid with `badly formed hexadecimal UUID string`.
This is because the prior validation _check_security_group in securitygroups_db.py is using
sg_obj.SecurityGroup.objects_exist(context, id=id) which yields true with MySQL, e.g.:
MariaDB [neutron]> SELECT count(*) FROM securitygroups WHERE securitygroups.id IN (0);
+----------+
| count(*) |
+----------+
| 15 |
+----------+
1 row in set, 46 warnings (0.001 sec)
MariaDB [neutron]> SHOW WARNINGS LIMIT 1;
+---------+------+--------------------------------------------------------------------------+
| Level | Code | Message |
+---------+------+--------------------------------------------------------------------------+
| Warning | 1292 | Truncated incorrect DOUBLE value: '77dd53b2-59c0-4208-b03c-9f9f65bf9a28' |
+---------+------+--------------------------------------------------------------------------+
1 row in set (0.000 sec)
Thus, the validation succeeds and the code path is followed till the id
is converted to a UUID - which causes the unexpected exception.
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1968343
Title:
Security Group Rule create with forged integer security_group_id
causes exceptions
Status in neutron:
New
Bug description:
Assuming a project xyz has Security Groups, following POST requests
fails with HTTP 500 ValueError:
/v2.0/security-group-rules
{
"security_group_rule": {
"direction": "egress",
"ethertype": "IPv4",
"port_range_max": 443,
"port_range_min": 443,
"project_id": "xyz",
"protocol": "tcp",
"remote_ip_prefix": "34.231.24.224/32",
"security_group_id": 0
}
}
The value error is raised by python uuid with `badly formed hexadecimal UUID string`.
This is because the prior validation _check_security_group in securitygroups_db.py is using
sg_obj.SecurityGroup.objects_exist(context, id=id) which yields true with MySQL, e.g.:
MariaDB [neutron]> SELECT count(*) FROM securitygroups WHERE securitygroups.id IN (0);
+----------+
| count(*) |
+----------+
| 15 |
+----------+
1 row in set, 46 warnings (0.001 sec)
MariaDB [neutron]> SHOW WARNINGS LIMIT 1;
+---------+------+--------------------------------------------------------------------------+
| Level | Code | Message |
+---------+------+--------------------------------------------------------------------------+
| Warning | 1292 | Truncated incorrect DOUBLE value: '77dd53b2-59c0-4208-b03c-9f9f65bf9a28' |
+---------+------+--------------------------------------------------------------------------+
1 row in set (0.000 sec)
Thus, the validation succeeds and the code path is followed till the
id is converted to a UUID - which causes the unexpected exception.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1968343/+subscriptions
Follow ups