Glance

exception.BadStoreUri exposes sensitive information to end users

Bug #1012268 reported by Brian Waldon
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Fix Released
High
Alex Meade
Glance 2012.2 "folsom"
Essex
Fix Released
High
Brian Waldon
Glance 2012.1.2
glance (Ubuntu)
Fix Released
Undecided
Unassigned
Precise
Fix Released
Undecided
Unassigned

Bug Description

Wherever BadStoreUri is translated to a HTTPBadRequest and returned to the user, the store uri and some relevant explanation are given to the user. This will typically contain some of the configured swift credentials, which we do not want to present to the end-user.

Related branches

lp:~openstack-ubuntu-testing/glance/precise-essex-proposed
Ubuntu Server Developers: Pending requested
Diff: 31 lines (+10/-3)
2 files modified
debian/changelog (+6/-0)
debian/glance-common.postinst (+4/-3)
lp:ubuntu/precise-proposed/glance
Brian Waldon (bcwaldon)
Changed in glance:
assignee: nobody → Alex Meade (alex-meade)
Alex Meade (alex-meade)
Changed in glance:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/8562

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/8562
Committed: http://github.com/openstack/glance/commit/ed16167425c5a2a610ce503c3084bb3b2a03ae63
Submitter: Jenkins
Branch: master

commit ed16167425c5a2a610ce503c3084bb3b2a03ae63
Author: Alex Meade <email address hidden>
Date: Thu Jun 14 15:09:03 2012 -0400

    Stop revealing sensitive store info

    Use simpler error messages and log the details.

    Fixes bug: 1012268

    Change-Id: I3c4d98c81dee6676916c60e71a749037ae1edc81

Changed in glance:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in glance:
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (stable/essex)

Fix proposed to branch: stable/essex
Review: https://review.openstack.org/10793

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (stable/essex)

Reviewed: https://review.openstack.org/10793
Committed: http://github.com/openstack/glance/commit/19c07722e6437d97082176172b8ef41389676782
Submitter: Jenkins
Branch: stable/essex

commit 19c07722e6437d97082176172b8ef41389676782
Author: Brian Waldon <email address hidden>
Date: Fri Aug 3 14:11:34 2012 -0700

    Stop revealing sensitive store info

    Use simpler error messages in exception.BadStoreUri
    and log the details.

    Fixes bug 1012268 specifically for stable/essex

    Change-Id: I8676a1281bd132d282b206730b12064b50805ef1

Dave Walker (davewalker)
Changed in glance (Ubuntu):
status: New → Fix Released
Changed in glance (Ubuntu Precise):
status: New → Confirmed
Revision history for this message
Adam Gandelman (gandelman-a) wrote : Verification report.

Please find the attached test log from the Ubuntu Server Team's CI infrastructure. As part of the verification process for this bug, Glance has been deployed and configured across multiple nodes using precise-proposed as an installation source. After successful bring-up and configuration of the cluster, a number of exercises and smoke tests have be invoked to ensure the updated package did not introduce any regressions. A number of test iterations were carried out to catch any possible transient errors.

Please Note the list of installed packages at the top and bottom of the report.

For records of upstream test coverage of this update, please see the Jenkins links in the comments of the relevant upstream code-review(s):

Trunk review: https://review.openstack.org/8562
Stable review: https://review.openstack.org/10793

As per the provisional Micro Release Exception granted to this package by the Technical Board, we hope this contributes toward verification of this update.

Revision history for this message
Adam Gandelman (gandelman-a) wrote :

Test coverage log.

tags: added: verification-done
Revision history for this message
Clint Byrum (clint-fewbar) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glance - 2012.1.3+stable~20120821-120fcf-0ubuntu1

---------------
glance (2012.1.3+stable~20120821-120fcf-0ubuntu1) precise-proposed; urgency=low

  * New upstream snapshot. (LP: #1041120)
  * Resynchronzie with stable/essex:
    - Glance add uploads a double image if using ssl and images is smaller
      than 4k. (LP: #1007093)
    - If response.environ is None, instance fails to spawn.
      (LP: #1010560)
    - exception.BadStoreURL exposes sensitive information to end users.
      (LP: #1012268)
    - glance-cache.conf needs metadata encryption key (LP: #1012752)
    - image.upload notification doesn't report size (LP: #1018246)
    - Admins should be able to share image regardless of ownership.
      (LP: #1021054)
    - Glance scrubber date formatting fails with postgres (LP: #1022369)
    - Support zero-size image creation. (LP: #1025353)
    - Image id not contained in swift chunk debug message. (LP: #1028433)
    - qpid_heartbeat setting is ineffective. (LP: #1032314)
    - Image properties that reference image ids are not updated to UUIDs.
      (LP: #975651)
    - Migration 012_id_to_uuid attempts to convert IDs twice for non-sqlite
      databases. (LP: #975655)
    - multiprocess glance-api failed to exit when stopped by ctrl+c.
      (LP: #978130)
    - /usr/bin/glance's built-in pager breaks redirection.
      (LP: #978610)
    - Content-Length and Transfer-Encoding are mutually exclusive HTTP headers
      (LP: #981332)
    - glance add command - incorrect help text (LP: #997565)
  * debian/patches/convert_properties_to_uuid.patch: Dropped no longer
    needed.
  * debian/patches/fix-pep8-ubuntu.patch: Dropped no longer needed.
 -- Adam Gandelman <email address hidden> Fri, 24 Jun 2012 03:14:33 -0400

Changed in glance (Ubuntu Precise):
status: Confirmed → Fix Released
Thierry Carrez (ttx)
Changed in glance:
milestone: folsom-2 → 2012.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.