Overlay/sys-cluster/nova/files/2013.1.3-CVE-2013-4278.patch


From 8b686195afe7e6dfb46c56c1ef2fe9c993d8e495 Mon Sep 17 00:00:00 2001
From: Russell Bryant <rbryant@redhat.com>
Date: Tue, 20 Aug 2013 11:06:12 -0400
Subject: [PATCH] Enforce flavor access during instance boot
The code in the servers API did not pass the context when retrieving
flavor details. That means it would use an admin context instead,
bypassing all flavor access control checks.
This patch includes the fix, and the corresponding unit test for the v2
API.
Closes-bug: #1212179
(cherry picked from commit 4054cc4a22a1fea997dec76afb5646fd6c6ea6b9)
Conflicts:
nova/api/openstack/compute/plugins/v3/servers.py
nova/api/openstack/compute/servers.py
nova/tests/api/openstack/compute/plugins/v3/test_servers.py
nova/tests/api/openstack/compute/test_servers.py
Change-Id: I681ae9965e19767df22fa74c3315e4e03a459d3b
---
nova/api/openstack/compute/servers.py | 3 ++-
nova/tests/api/openstack/compute/test_servers.py | 22 ++++++++++++++++++++--
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/nova/api/openstack/compute/servers.py b/nova/api/openstack/compute/servers.py
index 85ef080..6c38219 100644
--- a/nova/api/openstack/compute/servers.py
+++ b/nova/api/openstack/compute/servers.py
@@ -873,7 +873,8 @@ class Controller(wsgi.Controller):
try:
_get_inst_type = instance_types.get_instance_type_by_flavor_id
- inst_type = _get_inst_type(flavor_id, read_deleted="no")
+ inst_type = _get_inst_type(flavor_id, ctxt=context,
+ read_deleted="no")
(instances, resv_id) = self.compute_api.create(context,
inst_type,
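Review bot: The call now passes `ctxt=context` (line 36), but nothing at the call site says why, and the helper's fallback to an admin context when no context is supplied — the behaviour the description blames for the bypass — makes the omission easy to reintroduce. I'd put a one-line why-comment above line 36: `# Pass the caller's context so private-flavor access is enforced; without it the lookup runs as admin (bug 1212179).` The diffstat patches only the boot path; if other handlers in this file resolve a flavor through the same helper (a resize action, for instance) they would presumably need the same treatment — worth checking. The enclosing handler method and the except clauses that map a failed lookup to an HTTP error lie outside the hunk.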
diff --git a/nova/tests/api/openstack/compute/test_servers.py b/nova/tests/api/openstack/compute/test_servers.py
index 7748c2e..89d0f8a 100644
--- a/nova/tests/api/openstack/compute/test_servers.py
+++ b/nova/tests/api/openstack/compute/test_servers.py
@@ -1822,10 +1822,10 @@ class ServersControllerCreateTest(test.TestCase):
"""utility function - check server_dict for absence of adminPass."""
self.assertTrue("adminPass" not in server_dict)
- def _test_create_instance(self):
+ def _test_create_instance(self, flavor=2):
image_uuid = 'c905cedb-7281-47e4-8a62-f26bc5fc4c77'
body = dict(server=dict(
- name='server_test', imageRef=image_uuid, flavorRef=2,
+ name='server_test', imageRef=image_uuid, flavorRef=flavor,
metadata={'hello': 'world', 'open': 'stack'},
personality={}))
req = fakes.HTTPRequest.blank('/v2/fake/servers')
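Review bot: The new `flavor` parameter on `_test_create_instance` (line 48) is undocumented and its default `2` is a bare magic number; since the value is passed straight through as `flavorRef` (line 52), a short docstring would save the next reader a lookup, e.g. `"""Issue a server create using *flavor* as flavorRef and run the usual success assertions."""`. The helper's success assertions presumably continue past the end of this hunk.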
@@ -1837,6 +1837,24 @@ class ServersControllerCreateTest(test.TestCase):
self._check_admin_pass_len(server)
self.assertEqual(FAKE_UUID, server['id'])
+ def test_create_instance_private_flavor(self):
+ values = {
+ 'name': 'fake_name',
+ 'memory_mb': 512,
+ 'vcpus': 1,
+ 'root_gb': 10,
+ 'ephemeral_gb': 10,
+ 'flavorid': '1324',
+ 'swap': 0,
+ 'rxtx_factor': 0.5,
+ 'vcpu_weight': 1,
+ 'disabled': False,
+ 'is_public': False,
+ }
+ db.instance_type_create(context.get_admin_context(), values)
+ self.assertRaises(webob.exc.HTTPBadRequest, self._test_create_instance,
+ flavor=1324)
+
def test_create_server_bad_image_href(self):
image_href = 1
flavor_ref = 'http://localhost/123/flavors/3'
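Review bot: `test_create_instance_private_flavor` asserts only the negative case (line 74), and HTTPBadRequest is presumably also what the handler returns for a flavor that does not exist at all, so the test would still pass if the row inserted on line 73 were never matched — for instance via the `'flavorid': '1324'` string versus `flavor=1324` int mismatch — rather than because access was denied. A companion test that grants the request's tenant access to the same flavor and expects the create to succeed pins the behaviour to the access check and guards against the fix being over-broad; a sketch is below. Whether the flavor created under the admin context is rolled back between tests depends on the base TestCase's database fixture, which is outside the hunk.
```python
    def test_create_instance_private_flavor_with_access(self):
        # … same `values` dict as test_create_instance_private_flavor …
        admin_ctxt = context.get_admin_context()
        db.instance_type_create(admin_ctxt, values)
        # 'fake' is assumed to be the project id of the fakes.HTTPRequest
        # context — confirm against the fixture
        db.instance_type_access_add(admin_ctxt, values['flavorid'], 'fake')
        self._test_create_instance(flavor=1324)
```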
--
1.8.1.5