1 Errata patch for CVE-2014-9493. This addresses |
2 https://bugs.launchpad.net/ossa/+bug/1408663 and will be included in |
3 future releases. |
4 |
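--- a/glance-2013.2.3/glance/store/__init__.py
+++ b/glance-2013.2.3/glance/store/__init__.py
@@ -35,6 +35,8 @@ from glance.store import scrubber
 
 LOG = logging.getLogger(__name__)
 
+RESTRICTED_URI_SCHEMAS = frozenset(['file', 'filesystem', 'swift+config'])
+
 store_opts = [
 cfg.ListOpt('known_stores',
 default=[
@@ -382,11 +384,11 @@ def validate_external_location(uri):
 :param uri: The URI of external image location.
 :return: Whether given URI of external image location are OK.
 """
- pieces = urlparse.urlparse(uri)
- valid_schemes = [scheme for scheme in location.SCHEME_TO_CLS_MAP.keys()
- if scheme != 'file' and scheme != 'swift+config']
- return pieces.scheme in valid_schemes
 
+ # TODO(gm): Use a whitelist of allowed schemes
+ scheme = urlparse.urlparse(uri).scheme
+ return (scheme in get_known_schemes() and
+ scheme not in RESTRICTED_URI_SCHEMAS)
 
 class ImageRepoProxy(glance.domain.proxy.Repo):
 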
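Review bot: The check in validate_external_location is still a denylist, so it fails open: any scheme that get_known_schemes() returns and that is missing from RESTRICTED_URI_SCHEMAS is accepted, including a future alias for a server-local store, which is the same gap that 'filesystem' left in the removed inline filter. Until the TODO is resolved, the constant should state its invariant in a comment, e.g. `# Schemes that read server-local files or config; add every alias a store registers for them.` A regression test asserting that `file://`, `filesystem://` and `swift+config://` URIs all return False would keep the set from drifting; no test is visible in this patch. get_known_schemes() is defined outside the hunk, so whether it can return schemes of stores that are registered but not enabled could not be checked here.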