1 Errata patch for CVE-2014-9684 |
|
2 https://review.openstack.org/157067 |
|
3 git fetch https://review.openstack.org/openstack/glance refs/changes/67/157067/3 && git format-patch -1 --stdout FETCH_HEAD |
|
4 Fixed upstream and in a future release. |
|
5 --- |
|
6 From: Mike Fedosin <[email protected]> |
|
7 Date: Thu, 18 Sep 2014 18:07:42 +0400 |
|
8 Subject: [PATCH] Initiate deletion of image files if the import was |
|
9 interrupted |
|
10 |
|
11 If the image is deleted by appropriate API call while its content |
|
12 is still being uploaded in import task in v2, an exception is raised |
|
13 and it is not handled in the API code. This leads to the fact that |
|
14 the uploaded image file stays in a storage and clogs it. |
|
15 |
|
16 There existed code that safely removes image files if the exception |
|
17 occurs. |
|
18 |
|
19 SecurityImpact |
|
20 |
|
21 Conflicts: |
|
22 glance/common/scripts/image_import/main.py |
|
23 |
|
24 Closes-Bug: 1371118 |
|
25 Change-Id: I4f7d1aa103f4ce7abf4026e7097b9e76c24135fa |
|
26 (cherry picked from commit 7858d4d95154c8596720365e465cca7858cfec5c) |
|
27 --- glance-2014.2.2/glance/common/scripts/image_import/main.py |
|
28 +++ glance-2014.2.2/glance/common/scripts/image_import/main.py |
|
29 @@ -22,6 +22,7 @@ import six |
|
30 from glance.api.v2 import images as v2_api |
|
31 from glance.common import exception |
|
32 from glance.common.scripts import utils as script_utils |
|
33 +from glance.common import store_utils |
|
34 from glance.common import utils as common_utils |
|
35 from glance import i18n |
|
36 from glance.openstack.common import excutils |
|
37 @@ -92,21 +93,30 @@ def import_image(image_repo, image_factory, task_input, task_id, uri): |
|
38 new_image = image_repo.get(image_id) |
|
39 set_image_data(new_image, uri, None) |
|
40 |
|
41 - # NOTE: Check if the Image is not deleted after setting the data |
|
42 - # before saving the active image. Here if image status is |
|
43 - # saving, then new_image is saved as it contains updated location, |
|
44 - # size, virtual_size and checksum information and the status of |
|
45 - # new_image is already set to active in set_image_data() call. |
|
46 - image = image_repo.get(image_id) |
|
47 - if image.status == 'saving': |
|
48 - image_repo.save(new_image) |
|
49 - return image_id |
|
50 - else: |
|
51 - msg = _LE("The Image %(image_id)s object being created by this task " |
|
52 - "%(task_id)s, is no longer in valid status for further " |
|
53 - "processing." % {"image_id": new_image.image_id, |
|
54 - "task_id": task_id}) |
|
55 - raise exception.Conflict(msg) |
|
56 + try: |
|
57 + # NOTE: Check if the Image is not deleted after setting the data |
|
58 + # before saving the active image. Here if image status is |
|
59 + # saving, then new_image is saved as it contains updated location, |
|
60 + # size, virtual_size and checksum information and the status of |
|
61 + # new_image is already set to active in set_image_data() call. |
|
62 + image = image_repo.get(image_id) |
|
63 + if image.status == 'saving': |
|
64 + image_repo.save(new_image) |
|
65 + return image_id |
|
66 + else: |
|
67 + msg = _("The Image %(image_id)s object being created by this task " |
|
68 + "%(task_id)s, is no longer in valid status for further " |
|
69 + "processing.") % {"image_id": image_id, |
|
70 + "task_id": task_id} |
|
71 + raise exception.Conflict(msg) |
|
72 + except (exception.Conflict, exception.NotFound): |
|
73 + with excutils.save_and_reraise_exception(): |
|
74 + if new_image.locations: |
|
75 + for location in new_image.locations: |
|
76 + store_utils.delete_image_location_from_backend( |
|
77 + new_image.context, |
|
78 + image_id, |
|
79 + location) |
|
80 |
|
81 |
|
82 def create_image(image_repo, image_factory, image_properties, task_id): |
|