Reviewed:  https://review.opendev.org/c/openstack/ossa/+/807942
Committed: https://opendev.org/openstack/ossa/commit/4f5d81b664a81ad7ba4856fbabe1d3f1f12a14e8
Submitter: "Zuul (22348)"
Branch:    master

commit 4f5d81b664a81ad7ba4856fbabe1d3f1f12a14e8
Author: Jeremy Stanley <[email protected]>
Date:   Wed Sep 8 20:15:03 2021 +0000

    Add OSSA-2021-006 (CVE-2021-40797)

    Change-Id: Ie61b5ffbec78e8c90e5ad773c9479f0d7ae1b932
    Closes-Bug: #1942179

** Changed in: ossa
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-40797

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1942179

Title:
  Routes middleware memory leak for nonexistent controllers (CVE-2021-40797)

Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  Fix Released

Bug description:
  An authorized cloud user may make API requests to neutron for
  nonexistent endpoints, e.g.:

      curl -g -i -X GET http://10.120.0.30:9696/v2.0/blabla -H "Accept: application/json" -H "User-Agent: openstacksdk/0.59.0 keystoneauth1/4.3.1 python-requests/2.26.0 CPython/3.6.8" -H "X-Auth-Token: $token"

  and each such request will increase the memory consumption of the
  neutron-api worker process.

  What I did was:

  * start neutron server with just one api worker (easier to calculate
    memory consumption, but it would be the same leak in case of more
    workers too). Memory consumption was:

      sudo pmap 212436 | tail -n 1
       total           183736K

  * now run a command like:

      $ i=1; while [ $i -lt 2000 ]; do echo "Request $i"; curl -g -i -X GET http://10.120.0.30:9696/v2.0/blabla -H "Accept: application/json" -H "User-Agent: openstacksdk/0.59.0 keystoneauth1/4.3.1 python-requests/2.26.0 CPython/3.6.8" -H "X-Auth-Token: $token" >/dev/null 2>&1; i=$(( i+1 )); sleep 0.01; done

  * check memory consumption of the same api worker now:

      sudo pmap 212436 | tail -n 1
       total           457896K
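Added example, not part of the original bug report or of neutron's code: a log check that flags clients sending bursts of requests to nonexistent `/v2.0/` collections, with a rough memory-growth estimate derived from the report's two pmap readings. The access-log layout, the `KNOWN_COLLECTIONS` list, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# From the report: one worker grew from 183736K to 457896K over the loop's
# 1999 requests. A rough per-request figure from that single measurement.
LEAK_KIB_PER_REQUEST = (457896 - 183736) / 1999

# ASSUMPTION: illustrative, partial list of valid v2.0 collections; extend it
# with the resources and extensions your deployment actually serves.
KNOWN_COLLECTIONS = frozenset({"networks", "subnets", "ports", "routers",
                               "floatingips", "security-groups"})

# ASSUMPTION: neutron.wsgi-style access line; adjust to your log format.
ACCESS_RE = re.compile(
    r'^(?P<minute>\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\S+ .*? '
    r'(?P<client>\S+) "[A-Z]+ /v2\.0/(?P<collection>[^/?. ]+)\S* HTTP/[\d.]+" '
    r'status: (?P<status>\d{3})')


def unmatched_route_bursts(lines, threshold=100, known=KNOWN_COLLECTIONS):
    """Count 404s for unknown /v2.0/<collection> paths per (client, minute)
    and return only the buckets that reach the threshold."""
    hits = Counter()
    for line in lines:
        m = ACCESS_RE.match(line)
        if m and m["status"] == "404" and m["collection"] not in known:
            hits[(m["client"], m["minute"])] += 1
    return {key: n for key, n in hits.items() if n >= threshold}


def estimated_growth_kib(requests):
    """Worker memory growth implied by the report's measurement."""
    return round(requests * LEAK_KIB_PER_REQUEST)


def _line(second, client, path, status):  # builds one constructed log line
    return (f'2021-09-08 20:15:{second:02d}.101 212436 INFO neutron.wsgi '
            f'[req-example] {client} "GET {path} HTTP/1.1" '
            f'status: {status}  len: 103 time: 0.0031')


# Constructed sample input, not taken from a real deployment.
SAMPLE_LOG = ([_line(s, "192.0.2.10", "/v2.0/blabla", 404) for s in range(5)]
              + [_line(6, "192.0.2.10", "/v2.0/ports/0000", 404),
                 _line(7, "198.51.100.7", "/v2.0/networks", 200),
                 _line(8, "198.51.100.7", "/v2.0/foo", 404)])

if __name__ == "__main__":
    for (client, minute), n in unmatched_route_bursts(SAMPLE_LOG, 3).items():
        print(client, minute, n, f"~{estimated_growth_kib(n)} KiB")
```

A 404 on a known collection (for example a missing port ID) is deliberately not counted, since the report concerns requests that match no controller at all.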

