Glance does not sanity-check given image size on upload

Bug #909574 reported by Ewan Mellor
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Glance | Fix Released | Medium | Jay Pipes |

Bug Description

Glance does not sanity-check the value of x-image-meta-size given on upload. Python integers can be arbitrarily large, and the HTTP header can be multiple K, so it's possible to set the image size to ridiculous values. I found this by setting it to 1 << (1 << 20) by accident, which is 300KB when stringified, but is still accepted by Glance.

This causes problems further downstream -- it takes ages to pass the value to the registry (eventually to be truncated at 1 << 63 when it's inserted into the database) and it causes the Swift backend to blow up because it is converted to a float at one point, which raises OverflowError.

Ewan Mellor (ewanmellor)
Changed in glance:
status: New → In Progress
assignee: nobody → Ewan Mellor (ewanmellor)
Jay Pipes (jaypipes) wrote :

Hey Ewan, agreed this is a problem. Is your plan to add checks in the client, in the API controller, the Registry controller, or all three?

Thanks much!
-jay

Changed in glance:
importance: Undecided → Medium
milestone: none → essex-3
Ewan Mellor (ewanmellor)
description: updated
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/2727

Ewan Mellor (ewanmellor) wrote :

I've just proposed what I had. That puts the check in api, but not registry. I don't mind either way whether we have a check in registry too -- up to you.

Changed in glance:
assignee: Ewan Mellor (ewanmellor) → Jay Pipes (jaypipes)
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/2727
Committed: http://github.com/openstack/glance/commit/946278d1c709db2a5f850619ccd2d6ecf62e8f5a
Submitter: Jenkins
Branch: master

commit 946278d1c709db2a5f850619ccd2d6ecf62e8f5a
Author: Ewan Mellor <email address hidden>
Date: Wed Dec 28 21:25:25 2011 -0800

    Bug #909574: Glance does not sanity-check given image size on upload

    Don't allow an image size greater than 1 PiB. Also, add an exception
    block catching and reraising HTTPError inside _upload. This way, we don't
    fall into the Exception block below and log the full backtrace when the
    error has been diagnosed already.

    Adds unit test to verify 400 returned with supplied overlimit image size

    Change-Id: Ie745dffaf2fe43fdb7643c27d087e36d76b7c0e4
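
An added example (not Glance's code and not part of the original report) of the kind of bound the commit message describes: reject an x-image-meta-size above 1 PiB with a 400 before the value travels downstream. The names `parse_image_size`, `BadRequest`, `is_rejected` and `float_conversion_fails`, and the digit-length pre-check, are assumptions for illustration; only the 1 PiB limit and the 400 response come from the page.

```python
# Added illustration; hypothetical names, not taken from the Glance source.
MAX_IMAGE_SIZE = 1 << 50                # 1 PiB, the limit named in the commit
MAX_DIGITS = len(str(MAX_IMAGE_SIZE))   # 16 decimal digits


class BadRequest(Exception):
    """Stands in for the HTTP 400 response returned for a bad size."""
    status = 400


def parse_image_size(header_value):
    """Validate an x-image-meta-size header value and return it as an int."""
    value = header_value.strip()
    # Bound the string before int(): parsing cost grows with its length,
    # and a header can carry hundreds of kilobytes of digits.
    if not value or len(value) > MAX_DIGITS:
        raise BadRequest("x-image-meta-size is empty or too long")
    # Plain ASCII digits only: no sign, exponent, '_' or Unicode digits.
    if not (value.isascii() and value.isdigit()):
        raise BadRequest("x-image-meta-size is not a non-negative integer")
    size = int(value)
    if size > MAX_IMAGE_SIZE:
        raise BadRequest("x-image-meta-size exceeds 1 PiB")
    return size


def is_rejected(header_value):
    """True when the value would be answered with a 400."""
    try:
        parse_image_size(header_value)
    except BadRequest:
        return True
    return False


def float_conversion_fails(size):
    """Reproduce the downstream failure mode: int -> float overflow."""
    try:
        float(size)
    except OverflowError:
        return True
    return False


# Constructed sample: a digit string about 300 KB long, like the report's value.
OVERSIZED_HEADER = "1" + "0" * 315652
```
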

Changed in glance:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in glance:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in glance:
milestone: essex-3 → 2012.1