--- a/components/openstack/glance/patches/07-CVE-2014-9493.patch Thu Apr 16 01:36:32 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,140 +0,0 @@
-This patch fixes bug 1400966 for Havana.
-https://bugs.launchpad.net/glance/+bug/1400966
-
-commit 8bdb7ed9f5beaf816e7abba726904646bf3680dd
-Author: Zhi Yan Liu <[email protected]>
-Date: Mon Dec 15 12:29:55 2014 +0800
-
- To prevent client use v2 patch api to handle file and swift location
-
- The change will be used to restrict client to download and delete any
- file in glance-api server. The same resone and logic as what we did in
- v1:
- https://github.com/openstack/glance/blob/master/glance/api/v1/images.py#L429
-
- Closes-Bug: bug/1400966
- DocImpact
-
- Conflicts:
- glance/api/v1/images.py
- glance/common/store_utils.py
- glance/location.py
- glance/tests/functional/v1/test_copy_to_file.py
- glance/tests/functional/v2/test_images.py
- glance/tests/unit/test_store_image.py
- glance/tests/unit/test_store_location.py
- glance/tests/unit/utils.py
- glance/tests/unit/v1/test_api.py
-
- (cherry picked from commit 4afdb017aa1ccef01482f117cb8d0736a6da38ed)
- Signed-off-by: Zhi Yan Liu <[email protected]>
- Change-Id: I72dbead3cb2dcb87f52658ddb880e26880cc229b
-
---- glance-2013.2.3/glance/api/v1/images.py.orig 2014-12-23 08:16:59.633230138 -0800
-+++ glance-2013.2.3/glance/api/v1/images.py 2014-12-23 08:19:15.059375018 -0800
-@@ -50,7 +50,8 @@ import glance.registry.client.v1.api as
- from glance.store import (get_from_backend,
- get_size_from_backend,
- get_store_from_location,
-- get_store_from_scheme)
-+ get_store_from_scheme,
-+ validate_external_location)
-
- LOG = logging.getLogger(__name__)
- SUPPORTED_PARAMS = glance.api.v1.SUPPORTED_PARAMS
-@@ -375,20 +376,19 @@ class Controller(controller.BaseControll
- @staticmethod
- def _validate_source(source, req):
- """
-- External sources (as specified via the location or copy-from headers)
-- are supported only over non-local store types, i.e. S3, Swift, HTTP.
-- Note the absence of file:// for security reasons, see LP bug #942118.
-- If the above constraint is violated, we reject with 400 "Bad Request".
-+ To validate if external sources (as specified via the location
-+ or copy-from headers) are supported. Otherwise we reject
-+ with 400 "Bad Request".
- """
- if source:
-- for scheme in ['s3', 'swift', 'http', 'rbd', 'sheepdog', 'cinder']:
-- if source.lower().startswith(scheme):
-- return source
-- msg = _("External sourcing not supported for store %s") % source
-- LOG.debug(msg)
-- raise HTTPBadRequest(explanation=msg,
-- request=req,
-- content_type="text/plain")
-+ if validate_external_location(source):
-+ return source
-+ else:
-+ msg = _("External source are not supported: '%s'") % source
-+ LOG.debug(msg)
-+ raise HTTPBadRequest(explanation=msg,
-+ request=req,
-+ content_type="text/plain")
-
- @staticmethod
- def _copy_from(req):
---- glance-2013.2.3/glance/store/__init__.py.orig 2014-12-23 08:20:52.254600393 -0800
-+++ glance-2013.2.3/glance/store/__init__.py 2014-12-23 08:23:48.661399000 -0800
-@@ -21,6 +21,7 @@ import sys
- import time
-
- from oslo.config import cfg
-+import six.moves.urllib.parse as urlparse
-
- from glance.common import crypt
- from glance.common import exception
-@@ -369,6 +370,24 @@ def set_acls(context, location_uri, publ
- LOG.debug(_("Skipping store.set_acls... not implemented."))
-
-
-+def validate_external_location(uri):
-+ """
-+ Validate if URI of external location are supported.
-+
-+ Only over non-local store types are OK, i.e. S3, Swift,
-+ HTTP. Note the absence of 'file://' for security reasons,
-+ see LP bug #942118, 1400966, 'swift+config://' is also
-+ absent for security reasons, see LP bug #1334196.
-+
-+ :param uri: The URI of external image location.
-+ :return: Whether given URI of external image location are OK.
-+ """
-+ pieces = urlparse.urlparse(uri)
-+ valid_schemes = [scheme for scheme in location.SCHEME_TO_CLS_MAP.keys()
-+ if scheme != 'file' and scheme != 'swift+config']
-+ return pieces.scheme in valid_schemes
-+
-+
- class ImageRepoProxy(glance.domain.proxy.Repo):
-
- def __init__(self, image_repo, context, store_api):
-@@ -401,22 +420,23 @@ class ImageRepoProxy(glance.domain.proxy
-
-
- def _check_location_uri(context, store_api, uri):
-- """
-- Check if an image location uri is valid.
-+ """Check if an image location is valid.
-
- :param context: Glance request context
- :param store_api: store API module
- :param uri: location's uri string
- """
-+
- is_ok = True
- try:
-- size = store_api.get_size_from_backend(context, uri)
- # NOTE(zhiyan): Some stores return zero when it catch exception
-- is_ok = size > 0
-+ is_ok = (store_api.validate_external_location(uri) and
-+ store_api.get_size_from_backend(context, uri) > 0)
- except (exception.UnknownScheme, exception.NotFound):
- is_ok = False
- if not is_ok:
-- raise exception.BadStoreUri(_('Invalid location: %s') % uri)
-+ reason = _('Invalid location')
-+ raise exception.BadStoreUri(message=reason)
-
-
- def _check_image_location(context, store_api, location):