Comment 20 for bug 981332

** Impact **

If the glance api server is behind a conforming HTTP/1.1 reverse proxy (pound, in this example), all uploaded images will be corrupted. This is because glance.client sends both the "Content-Length" and "Transfer-Encoding: chunked" headers. The HTTP/1.1 spec (http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.4) says:

"If a message is received with both a Transfer-Encoding header field and a Content-Length header field, the latter MUST be ignored."

The glance client is sending Content-Length first, and pound sanitizes the request, so it rightfully strips out the Transfer-Encoding. This means that the chunk sizes in the body of the request are written as data to the image, resulting in a corrupted image.

This affects diablo, essex, and folsom, though it will only affect non-sendfile platforms on essex and folsom (since that codepath is not affected).

** Development Fix **

This is fixed in the development trunk at: https://review.openstack.org/6563 and in quantal

** Stable Fix **

This is fixed in the stable/essex branch at: https://review.openstack.org/6776

** Test Case **

Run the glance unit tests

** Regression Potental **

Minimal, this code path is not used in Ubuntu by default.