Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 917901 Details for
Bug 1118833
CVE-2014-3555 openstack-neutron: Denial of Service in Neutron allowed address pair
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
master/juno patch for CVE-2014-3555
cve-2014-3555-master-juno.patch (text/plain), 4.24 KB, created by
Vincent Danen
on 2014-07-14 15:58:47 UTC
(
hide
)
Description:
master/juno patch for CVE-2014-3555
Filename:
MIME Type:
Creator:
Vincent Danen
Created:
2014-07-14 15:58:47 UTC
Size:
4.24 KB
patch
obsolete
>diff --git a/neutron/extensions/allowedaddresspairs.py b/neutron/extensions/allowedaddresspairs.py >index a9328aa..6588d5f 100644 >--- a/neutron/extensions/allowedaddresspairs.py >+++ b/neutron/extensions/allowedaddresspairs.py >@@ -16,6 +16,15 @@ import webob.exc > > from neutron.api.v2 import attributes as attr > from neutron.common import exceptions as nexception >+from oslo.config import cfg >+ >+allowed_address_pair_opts = [ >+ #TODO(limao): use quota framework when it support quota for attributes >+ cfg.IntOpt('max_allowed_address_pair', default=10, >+ help=_("Maximum number of allowed address pairs")), >+] >+ >+cfg.CONF.register_opts(allowed_address_pair_opts) > > > class AllowedAddressPairsMissingIP(nexception.InvalidInput): >@@ -32,8 +41,17 @@ class DuplicateAddressPairInRequest(nexception.InvalidInput): > "mac_address %(mac_address)s ip_address %(ip_address)s.") > > >+class AllowedAddressPairExhausted(nexception.BadRequest): >+ message = _("The number of allowed address pair " >+ "exceeds the maximum %(quota)s.") >+ >+ > def _validate_allowed_address_pairs(address_pairs, valid_values=None): > unique_check = {} >+ if len(address_pairs) > cfg.CONF.max_allowed_address_pair: >+ raise AllowedAddressPairExhausted( >+ quota=cfg.CONF.max_allowed_address_pair) >+ > for address_pair in address_pairs: > # mac_address is optional, if not set we use the mac on the port > if 'mac_address' in address_pair: >diff --git a/neutron/tests/unit/test_extension_allowedaddresspairs.py b/neutron/tests/unit/test_extension_allowedaddresspairs.py >index 28dcd91..bcaa11b 100644 >--- a/neutron/tests/unit/test_extension_allowedaddresspairs.py >+++ b/neutron/tests/unit/test_extension_allowedaddresspairs.py >@@ -22,6 +22,8 @@ from neutron.extensions import allowedaddresspairs as addr_pair > from neutron.extensions import portsecurity as psec > from neutron import manager > from neutron.tests.unit import test_db_plugin >+from oslo.config import cfg >+ > > DB_PLUGIN_KLASS = ('neutron.tests.unit.test_extension_allowedaddresspairs.' > 'AllowedAddressPairTestPlugin') >@@ -159,6 +161,28 @@ class TestAllowedAddressPairs(AllowedAddressPairDBTestCase): > 'ip_address': '10.0.0.1'}] > self._create_port_with_address_pairs(address_pairs, 400) > >+ def test_more_than_max_allowed_address_pair(self): >+ cfg.CONF.set_default('max_allowed_address_pair', 3) >+ address_pairs = [{'mac_address': '00:00:00:00:00:01', >+ 'ip_address': '10.0.0.1'}, >+ {'mac_address': '00:00:00:00:00:02', >+ 'ip_address': '10.0.0.2'}, >+ {'mac_address': '00:00:00:00:00:03', >+ 'ip_address': '10.0.0.3'}, >+ {'mac_address': '00:00:00:00:00:04', >+ 'ip_address': '10.0.0.4'}] >+ self._create_port_with_address_pairs(address_pairs, 400) >+ >+ def test_equal_to_max_allowed_address_pair(self): >+ cfg.CONF.set_default('max_allowed_address_pair', 3) >+ address_pairs = [{'mac_address': '00:00:00:00:00:01', >+ 'ip_address': '10.0.0.1'}, >+ {'mac_address': '00:00:00:00:00:02', >+ 'ip_address': '10.0.0.2'}, >+ {'mac_address': '00:00:00:00:00:03', >+ 'ip_address': '10.0.0.3'}] >+ self._create_port_with_address_pairs(address_pairs, 201) >+ > def test_create_overlap_with_fixed_ip(self): > address_pairs = [{'mac_address': '00:00:00:00:00:01', > 'ip_address': '10.0.0.2'}] >@@ -186,8 +210,10 @@ class TestAllowedAddressPairs(AllowedAddressPairDBTestCase): > res = self._create_port(self.fmt, net['network']['id'], > arg_list=(addr_pair.ADDRESS_PAIRS,), > allowed_address_pairs=address_pairs) >- self.deserialize(self.fmt, res) >+ port = self.deserialize(self.fmt, res) > self.assertEqual(res.status_int, ret_code) >+ if ret_code == 201: >+ self._delete('ports', port['port']['id']) > > def test_update_add_address_pairs(self): > with self.network() as net: >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=917901">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1118833
: 917901 |
917902
|
917904