[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[Chris MacNaughton]

** Changed in: cloud-archive/icehouse
   Status: Triaged => Won't Fix

** Changed in: cloud-archive/kilo
   Status: Triaged => Won't Fix

** Changed in: cloud-archive/liberty
   Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[Eduardo Barretto]

This bug was fixed in the package swift - 1.13.1-0ubuntu1.5

---
swift (1.13.1-0ubuntu1.5) trusty-security; urgency=medium

  [ Jamie Strandboge ]
  * SECURITY UPDATE: disallow unsafe tempurl operations to point to
unauthorized data
- debian/patches/CVE-2015-5223.patch: disallow creation of DLO object
  manifests if non-safe tempurl request includes X-Object-Manifest header
- CVE-2015-5223
- LP: #1453948

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via incorrectly closed client connections
- debian/patches/CVE-2016-0737.patch: get better at closing WSGI
  iterables in swift/common/middleware/dlo.py,
  swift/common/middleware/slo.py, swift/common/request_helpers.py,
  swift/common/swob.py, swift/common/utils.py,
  test/unit/common/middleware/helpers.py,
  test/unit/common/middleware/test_dlo.py,
  test/unit/common/middleware/test_slo.py.
- CVE-2016-0737
  * SECURITY UPDATE: DoS via incorrectly closed server connections
- debian/patches/CVE-2016-0738.patch: fix memory/socket leak in proxy
  on truncated SLO/DLO GET in swift/common/request_helpers.py,
  test/unit/common/middleware/test_slo.py.
- CVE-2016-0738
  * Thanks to Red Hat for the patch backports!
  * debian/patches/fix-ubuntu-tests.patch: disable another test that no
longer works on buildds.

 -- Marc Deslauriers   Tue, 12 Sep 2017
07:36:43 -0400

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5223

** Changed in: swift (Ubuntu Trusty)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[James Page]

** Changed in: cloud-archive
   Status: New => Invalid

** Changed in: swift (Ubuntu Wily)
   Status: Triaged => Won't Fix

** Changed in: swift (Ubuntu Trusty)
   Status: Triaged => Won't Fix

** Changed in: swift (Ubuntu Trusty)
   Status: Won't Fix => New

** Changed in: swift (Ubuntu Trusty)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[James Page]

** No longer affects: swift (Ubuntu Vivid)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[James Page]

** Also affects: swift (Ubuntu Wily)
   Importance: Undecided
   Status: New

** Also affects: swift (Ubuntu Vivid)
   Importance: Undecided
   Status: New

** Also affects: swift (Ubuntu Yakkety)
   Importance: High
   Status: Confirmed

** Also affects: swift (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: swift (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: swift (Ubuntu Yakkety)
   Status: Confirmed => Fix Released

** Changed in: swift (Ubuntu Xenial)
   Status: New => Fix Released

** Changed in: swift (Ubuntu Wily)
   Status: New => Triaged

** Changed in: swift (Ubuntu Vivid)
   Status: New => Won't Fix

** Changed in: swift (Ubuntu Trusty)
   Status: New => Triaged

** Also affects: cloud-archive/kilo
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/mitaka
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/icehouse
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/liberty
   Importance: Undecided
   Status: New

** Changed in: cloud-archive/mitaka
   Status: New => Fix Released

** Changed in: cloud-archive/kilo
   Status: New => Triaged

** Changed in: cloud-archive/icehouse
   Status: New => Triaged

** Changed in: cloud-archive/liberty
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[James Page]

** Changed in: swift (Ubuntu)
   Status: Fix Released => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[Tristan Cacqueray]

@james-page, it seems like you are the one who can change the "swift
(ubuntu)" task status. Please put it back to "confirmed"...

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[Pratap D]

Changed in swift (Ubuntu):

By mistake I changed the status to "Fix released".

Status needs to be changed to "Confirmed".
Please change the status to "Confirmed".

Sorry for the trouble.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[Pratap D]

** Changed in: swift (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[OpenStack Infra]

Reviewed:  https://review.openstack.org/290148
Committed: 
https://git.openstack.org/cgit/openstack/swift/commit/?id=0f7f1de233919a0b046349a3e31ae7fc8675a1c5
Submitter: Jenkins
Branch:feature/hummingbird

commit d6b4587a554b51ba733b151e0d924735b63d07e0
Author: Olga Saprycheva 
Date:   Tue Mar 8 10:57:56 2016 -0600

Removed redundant file for flake8 check

Change-Id: I4322978aa20ee731391f7709bbd79dee140fc703

commit 643dbce134140530eef2ae62c42fef1107f905ed
Author: OpenStack Proposal Bot 
Date:   Tue Mar 8 06:35:49 2016 +

Imported Translations from Zanata

For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure

Change-Id: I96b8ff1287bf219c5f8d56a3a4868c1063a953f9

commit 83713d37f0331c5ce9d377f4b4e8724551ae30ca
Author: Daisuke Morita 
Date:   Mon Mar 7 18:30:47 2016 -0800

Missing comments for storage policy parameter

There are missing comments about storege_policy_index so appropriate
comments are added.

Change-Id: I3de3f0e6864e65918ca1a13cce70f19c23d295f5

commit 2cff2dec3d1c4588f5103e39679c43b3dded6dcb
Author: Olga Saprycheva 
Date:   Fri Mar 4 15:19:39 2016 -0600

Fixed pep8 and flake8 errors in doc/source/conf.py and updated flake8 
commands in tox.ini to test it.

Change-Id: I2add370e4cfb55d1388e3a8b41f688a7f3f2c621

commit 043fbca6d08648baa314ea2236f1ccdca8785f16
Author: Christian Schwede 
Date:   Fri Mar 4 09:33:17 2016 +

Remove Erasure Coding beta status from docs

This removes notes stating support for Erasure coding as beta. Questions
regarding the stability of EC are coming up regularly, and are often 
referring
to the docs that state EC as still in beta.

Besides this, a note marking statsd support as beta has been removed as 
well.

Change-Id: If4fb6a5c4cb741d42953db3cee8cb17a1d774e15

commit 09c73b86e9255f28fbd4cf571a52c17d549a8f9a
Author: Pete Zaitcev 
Date:   Thu Mar 3 10:24:28 2016 -0700

Fix a crash in exception printout

Says the number of arguments does not match the number of '%'.

Change-Id: I8b5e395a07328fb9d4ac7a19f8ed2ae1637bee3b

commit fad5fabe0a22e8a86635a66523dd3d3d3b1fa705
Author: Tim Burke 
Date:   Thu Mar 3 15:07:08 2016 +

During functional tests, 404 response to a DELETE is successful

Previously, we would only consider 204 responses successful, which would
cause some spurious gate failures, such as


http://logs.openstack.org/66/287666/3/check/gate-swift-dsvm-functional/c6d2673/console.html#_2016-03-03_13_41_07_846

Change-Id: Ic8c300647924352a297a2781b50064f7657038b4

commit e91de49d6864b3794f8dc5acd9c1bf0c2f7409d1
Author: Alistair Coles 
Date:   Mon Aug 10 10:30:10 2015 -0500

Update container on fast-POST

This patch makes a number of changes to enable content-type
metadata to be updated when using the fast-POST mode of
operation, as proposed in the associated spec [1].

* the object server and diskfile are modified to allow
  content-type to be updated by a POST and the updated value
  to be stored in .meta files.

* the object server accepts PUTs and DELETEs with older
  timestamps than existing .meta files. This is to be
  consistent with replication that will leave a later .meta
  file in place when replicating a .data file.

* the diskfile interface is modified to provide accessor
  methods for the content-type and its timestamp.

* the naming of .meta files is modified to encode two
  timestamps when the .meta file contains a content-type value
  that was set prior to the latest metadata update; this
  enables consistency to be achieved when rsync is used for
  replication.

* ssync is modified to sync meta files when content-type
  differs between local and remote copies of objects.

* the object server issues container updates when handling
  POST requests, notifying the container server of the current
  immutable metadata (etag, size, hash, swift_bytes),
  content-type with their respective timestamps, and the
  mutable metadata timestamp.

* the container server maintains the most recently reported
  values for immutable metadata, content-type and mutable
  metadata, each with their respective timestamps, in a single
  db row.

* new probe tests verify that replication achieves eventual
  consistency of containers and objects after discrete updates
  to content-type and mutable metadata, and that container-sync
  sync's objects after fast-post updates.

[1] spec change-id: I60688efc3df692d3a39557114dca8c5490f7837e

Change-Id: 

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[OpenStack Infra]

Reviewed:  https://review.openstack.org/270241
Committed: 
https://git.openstack.org/cgit/openstack/ossa/commit/?id=606a18e718aed329a9d42d298e3119f0f1974e3d
Submitter: Jenkins
Branch:master

commit 606a18e718aed329a9d42d298e3119f0f1974e3d
Author: Tristan Cacqueray 
Date:   Wed Jan 20 10:19:30 2016 -0500

Adds OSSA-2016-004 (CVE-2016-0737, CVE-2016-0738)

Related-Bug: #1466549
Related-Bug: #1493303
Change-Id: Id7b40ab5101ccbd889c4ffc6bd9629bb5f2b8d7f


** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-0737

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[OpenStack Infra]

Reviewed:  https://review.openstack.org/272201
Committed: 
https://git.openstack.org/cgit/openstack/swift/commit/?id=f9b7fd3074b5b0e5d6ea879d4144f7bfeec5d46b
Submitter: Jenkins
Branch:feature/crypto

commit e13a03c379273ee10e678818078b9c40a96a7dc9
Author: Tim Burke 
Date:   Wed Jan 20 16:06:26 2016 -0800

Stop overriding builtin range

Change-Id: I315f8b554bb9e96659b455f4158f074961bd6498

commit 0a404def7d54d1ef1c85c11a378052260c4fda4c
Author: John Dickinson 
Date:   Wed Jan 20 15:19:35 2016 -0800

remove unneeded duplicate dict keys

Change-Id: I926d7aaa9df093418aaae54fe26e8f7bc8210645

commit 221f94fdd39fd2dcd9a2e5565adceab615d55913
Author: John Dickinson 
Date:   Tue Jan 19 14:50:24 2016 -0800

authors and changelog updates for 2.6.0

Change-Id: Idd0ff9e70abc0773be183c37cd6125fe852da7c0

commit 58359269b0e971e52f0eb7f97221566ca2148014
Author: Samuel Merritt 
Date:   Tue Dec 8 16:36:05 2015 -0800

Fix memory/socket leak in proxy on truncated SLO/DLO GET

When a client disconnected while consuming an SLO or DLO GET response,
the proxy would leak a socket. This could be observed via strace as a
socket that had shutdown() called on it, but was never closed. It
could also be observed by counting entries in /proc//fd, where
 is the pid of a proxy server worker process.

This is due to a memory leak in SegmentedIterable. A SegmentedIterable
has an 'app_iter' attribute, which is a generator. That generator
references 'self' (the SegmentedIterable object). This creates a
cyclic reference: the generator refers to the SegmentedIterable, and
the SegmentedIterable refers to the generator.

Python can normally handle cyclic garbage; reference counting won't
reclaim it, but the garbage collector will. However, objects with
finalizers will stop the garbage collector from collecting them* and
the cycle of which they are part.

For most objects, "has finalizer" is synonymous with "has a __del__
method". However, a generator has a finalizer once it's started
running and before it finishes: basically, while it has stack frames
associated with it**.

When a client disconnects mid-stream, we get a memory leak. We have
our SegmentedIterable object (call it "si"), and its associated
generator. si.app_iter is the generator, and the generator closes over
si, so we have a cycle; and the generator has started but not yet
finished, so the generator needs finalization; hence, the garbage
collector won't ever clean it up.

The socket leak comes in because the generator *also* refers to the
request's WSGI environment, which contains wsgi.input, which
ultimately refers to a _socket object from the standard
library. Python's _socket objects only close their underlying file
descriptor when their reference counts fall to 0***.

This commit makes SegmentedIterable.close() call
self.app_iter.close(), thereby unwinding its generator's stack and
making it eligible for garbage collection.

* in Python < 3.4, at least. See PEP 442.

** see PyGen_NeedsFinalizing() in Objects/genobject.c and also
   has_finalizer() in Modules/gcmodule.c in Python.

*** see sock_dealloc() in Modules/socketmodule.c in Python. See
sock_close() in the same file for the other half of the sad story.

This closes CVE-2016-0738.

Closes-Bug: 1493303

Co-Authored-By: Kota Tsuyuzaki 

Change-Id: Ib86c4c45641485ce1034212bf6f53bb84f02f612

commit bc4b298b6e208d3188641712c9d66ae82d172c14
Author: Samuel Merritt 
Date:   Tue Jan 19 15:33:13 2016 -0800

Fix a comment's indentation

Change-Id: I34514525b606cf82767ddce7769bc42fa5457717

commit 3a0486e532f22af0d3c8a5c5d78613c22e786ff6
Author: Sivasathurappan Radhakrishnan 
Date:   Fri Dec 4 17:43:00 2015 +

Deleted comment about part power in FakeRing

Deleted comment about parameter part power in Class FakeRing as its
behavior got dropped in I8bfc388a04eff6491038991cdfd7686c9d961545.

Change-Id: Iec7d2565a77e48493b0056021066d8d8eab65d0b
Closes-Bug:  #1488704

commit 999479f9b17b42ccc5da54ce01651960cf7cf970
Author: John Dickinson 
Date:   Tue Jan 19 10:30:30 2016 -0800

Bump eventlet min version to 0.17.4

IPv6 support in Swift is dependent on IPv6 support in eventlet.
eventlet itself only claims support for IPv6 post v0.17
(https://github.com/eventlet/eventlet/issues/8). This update matches
the OpenStack global requirements version.

Change-Id: I9d8433cdd3bf7d7a93b8f50b991cc21721a80d22

commit 133a3ea601a3fea84af36a42845f27b8182fd901
Author: Christopher Bartz 
Date:   Mon Dec 21 14:17:00 2015 +0100

Use the correct 

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[Tristan Cacqueray]

** Changed in: ossa
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to swift in Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[Tristan Cacqueray]

** Changed in: ossa
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[OpenStack Infra]

Reviewed:  https://review.openstack.org/270234
Committed: 
https://git.openstack.org/cgit/openstack/swift/commit/?id=a4c1825a026655b7ed21d779824ae7c25318fd52
Submitter: Jenkins
Branch:stable/kilo

commit a4c1825a026655b7ed21d779824ae7c25318fd52
Author: Samuel Merritt 
Date:   Tue Dec 8 16:36:05 2015 -0800

Fix memory/socket leak in proxy on truncated SLO/DLO GET

When a client disconnected while consuming an SLO or DLO GET response,
the proxy would leak a socket. This could be observed via strace as a
socket that had shutdown() called on it, but was never closed. It
could also be observed by counting entries in /proc//fd, where
 is the pid of a proxy server worker process.

This is due to a memory leak in SegmentedIterable. A SegmentedIterable
has an 'app_iter' attribute, which is a generator. That generator
references 'self' (the SegmentedIterable object). This creates a
cyclic reference: the generator refers to the SegmentedIterable, and
the SegmentedIterable refers to the generator.

Python can normally handle cyclic garbage; reference counting won't
reclaim it, but the garbage collector will. However, objects with
finalizers will stop the garbage collector from collecting them* and
the cycle of which they are part.

For most objects, "has finalizer" is synonymous with "has a __del__
method". However, a generator has a finalizer once it's started
running and before it finishes: basically, while it has stack frames
associated with it**.

When a client disconnects mid-stream, we get a memory leak. We have
our SegmentedIterable object (call it "si"), and its associated
generator. si.app_iter is the generator, and the generator closes over
si, so we have a cycle; and the generator has started but not yet
finished, so the generator needs finalization; hence, the garbage
collector won't ever clean it up.

The socket leak comes in because the generator *also* refers to the
request's WSGI environment, which contains wsgi.input, which
ultimately refers to a _socket object from the standard
library. Python's _socket objects only close their underlying file
descriptor when their reference counts fall to 0***.

This commit makes SegmentedIterable.close() call
self.app_iter.close(), thereby unwinding its generator's stack and
making it eligible for garbage collection.

* in Python < 3.4, at least. See PEP 442.

** see PyGen_NeedsFinalizing() in Objects/genobject.c and also
   has_finalizer() in Modules/gcmodule.c in Python.

*** see sock_dealloc() in Modules/socketmodule.c in Python. See
sock_close() in the same file for the other half of the sad story.

This closes CVE-2016-0738.

Closes-Bug: 1493303

Change-Id: I9b617bfc152dca40d1750131d1d814d85c0a88dd
Co-Authored-By: Kota Tsuyuzaki 


** Tags added: in-stable-kilo

** Tags added: in-stable-liberty

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

[Ubuntu Foundations Team Bug Bot]

The attachment "leakpatch-1.diff" seems to be a patch.  If it isn't,
please remove the "patch" flag from the attachment, remove the "patch"
tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the
team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs