On 10/26/2017 10:56 PM, Joshua Harlow wrote:
Just the paranoid person in me, but is it safe to say that the filter that you are showing here does not come from user text?

Ie these two lines don't come from a user input directly (without going through some filter) do they?


From reading it seems like perhaps they do come at least partially from a user, so I am hoping that its not possible for a user to present a 'ip' that is really a complicated regex that takes a long time to compile (and therefore can DOS the nova-api component); but I don't know the surrounding code so I might be wrong...

Just wondering :-/


We have schema validation on the ip filter but it's just checking that it can actually compile it:


So yeah, probably a potential problem like you pointed out.




OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe

Reply via email to