** Also affects: python-glanceclient
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1297414

Title:
  Users can set arbitrary headers by adding newlines to header values

Status in OpenStack Image Registry and Delivery Service (Glance):
  New
Status in Python client library for Glance:
  New

Bug description:
  Glance and the python-glanceclient (v1) do not armor/sanitize their
  inputs when assembling headers.  In particular,
  "x-image-meta-property-description" is exposed via interfaces like
  Horizon (which still uses v1) as a free-form text field (Unicode,
  newlines, etc. allowed), and if users introduce newlines, the
  glanceclient will POST them to Glance verbatim without any extra
  encoding, which means maliciously/incompetently constructed
  Description: values can set header values that the client otherwise
  would not.

  I can't really see anything in the code that uses HTTP headers to set
  any sort of security context, but this could just be a lack of
  imagination on my part.
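A defensive check for the issue described above, added here as an example that is not part of the bug report or of python-glanceclient. The helper names, the `x-image-meta-property-<name>` mapping and the sample values are assumptions; only the description header name comes from the report.

```python
import re
from typing import Dict, List

# CR, LF, NUL and the other C0 controls (HTAB excepted) are not allowed in
# an HTTP header value. CR/LF in particular end the field, so a value that
# carries them is transmitted as one header followed by a second, caller
# chosen header line. This regex flags exactly those characters.
_ILLEGAL_CHARS = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


class UnsafeHeaderValue(ValueError):
    """Raised when a property value cannot be placed in a header line."""


def is_safe_header_value(value: str) -> bool:
    """True if value contains nothing that could terminate the header line."""
    return _ILLEGAL_CHARS.search(value) is None


def naive_header_names(name: str, value: str) -> List[str]:
    """Header names a lenient server would parse from an unchecked
    'name: value' line. Splits on CRLF or bare LF; anything after the first
    break is read as a separate header. Illustrates the reported defect."""
    names = []
    for line in re.split(r"\r?\n", f"{name}: {value}"):
        if ":" in line:
            names.append(line.split(":", 1)[0].strip())
    return names


def build_property_headers(properties: Dict[str, str]) -> Dict[str, str]:
    """Hypothetical hardened builder: map image properties to
    x-image-meta-property-<name> headers, refusing unsafe values instead of
    forwarding them verbatim (the behaviour the bug report describes)."""
    headers = {}
    for key, value in properties.items():
        if not is_safe_header_value(value):
            raise UnsafeHeaderValue(f"property {key!r} contains control characters")
        headers[f"x-image-meta-property-{key}"] = value
    return headers


if __name__ == "__main__":
    # Constructed sample: a description with an embedded line break.
    bad = "nice image\r\nX-Injected: 1"
    print(naive_header_names("x-image-meta-property-description", bad))
    try:
        build_property_headers({"description": bad})
    except UnsafeHeaderValue as exc:
        print("rejected:", exc)
```

Current CPython's http.client also refuses bare CR/LF in header values, but a client that builds the request itself or runs on an older interpreter gets no such protection, so the check belongs at the input boundary.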
