Reviewed:  https://review.opendev.org/c/openstack/neutron/+/837168
Committed: https://opendev.org/openstack/neutron/commit/c0bf560fa36aac798ad8783749fa78ddf766bdec
Submitter: "Zuul (22348)"
Branch:    master

commit c0bf560fa36aac798ad8783749fa78ddf766bdec
Author: Andrew Karpow <[email protected]>
Date:   Fri Apr 8 18:32:03 2022 +0200

    Force security_group_id uuid validation of sg rules

    security_groups_db._check_security_group is supposed to check the
    security_group_id of the _create_security_group_rule payload.
    When using an integer e.g. 0, as security_group_id, the check
    succeeds because mysql accepts the following query:

        SELECT * FROM securitygroups WHERE id in (0)

    Forcing validation of security_group_id as uuid fixes the problem

    Closes-Bug: #1968343
    Change-Id: I7c36b09309c1ef66608afacfb281b6f4b06ea5b8

** Changed in: neutron
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1968343

Title:
  Security Group Rule create with forged integer security_group_id
  causes exceptions

Status in neutron:
  Fix Released

Bug description:
  Assuming a project xyz has Security Groups, the following POST request
  fails with HTTP 500 ValueError:

  /v2.0/security-group-rules
  {
      "security_group_rule": {
          "direction": "egress",
          "ethertype": "IPv4",
          "port_range_max": 443,
          "port_range_min": 443,
          "project_id": "xyz",
          "protocol": "tcp",
          "remote_ip_prefix": "34.231.24.224/32",
          "security_group_id": 0
      }
  }

  The value error is raised by python uuid with `badly formed
  hexadecimal UUID string`.

  This is because the prior validation _check_security_group in
  securitygroups_db.py is using
  sg_obj.SecurityGroup.objects_exist(context, id=id) which yields true
  with MySQL, e.g.:

  MariaDB [neutron]> SELECT count(*) FROM securitygroups WHERE securitygroups.id IN (0);
  +----------+
  | count(*) |
  +----------+
  |       15 |
  +----------+
  1 row in set, 46 warnings (0.001 sec)

  MariaDB [neutron]> SHOW WARNINGS LIMIT 1;
  +---------+------+--------------------------------------------------------------------------+
  | Level   | Code | Message                                                                  |
  +---------+------+--------------------------------------------------------------------------+
  | Warning | 1292 | Truncated incorrect DOUBLE value: '77dd53b2-59c0-4208-b03c-9f9f65bf9a28' |
  +---------+------+--------------------------------------------------------------------------+
  1 row in set (0.000 sec)

  Thus, the validation succeeds and the code path is followed till the
  id is converted to a UUID - which causes the unexpected exception.
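
The coercion behind the report, and a type check placed ahead of the lookup, as an added example (not neutron's code and not part of the original notification). mysql_string_to_double is a simplified model of MySQL's string-to-DOUBLE cast; check_security_group and the other function names are hypothetical, and all sample ids except the first are constructed.

```python
import re
import uuid

# Constructed sample ids; only the first appears on the page (in the warning).
SAMPLE_IDS = [
    "77dd53b2-59c0-4208-b03c-9f9f65bf9a28",
    "a3c1e0f4-1111-4222-8333-944455556666",
    "0b7e2d9a-aaaa-4bbb-8ccc-dddddddddddd",
    "1e2f3a4b-5555-4666-8777-888899990000",
]

_NUM_PREFIX = re.compile(r"\s*[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?")


def mysql_string_to_double(text):
    """Simplified model of MySQL casting a string to DOUBLE: keep the
    leading numeric prefix, use 0 when there is none (warning 1292)."""
    m = _NUM_PREFIX.match(text)
    return float(m.group(0)) if m else 0.0


def loose_in_match(ids, value):
    """Model of `WHERE id IN (<value>)` against a string column: a numeric
    operand makes every stored id get compared as a number."""
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return [i for i in ids if mysql_string_to_double(i) == float(value)]
    return [i for i in ids if i == value]


def is_uuid(value):
    """Accept only strings in canonical UUID form."""
    if not isinstance(value, str):
        return False
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def check_security_group(ids, sg_id):
    """Hypothetical existence check: validate the type first, then query."""
    if not is_uuid(sg_id):
        raise ValueError("security_group_id %r is not a valid UUID" % (sg_id,))
    return bool(loose_in_match(ids, sg_id))
```

With the integer 0, loose_in_match returns every id whose text does not start with a non-zero number, which is why the count in the MariaDB session above is non-zero; check_security_group rejects the value before any comparison happens.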

