Bug 1241725

Summary: No or not correct input validation in "ceph" cli
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Taco Scargo <taco>
Component: RADOSAssignee: Kefu Chai <kchai>
Status: CLOSED ERRATA QA Contact: ceph-qe-bugs <ceph-qe-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.2.3CC: ceph-eng-bugs, dzafman, flucifre, hnallurv, kchai, kdreyer, uboppana, vashastr
Target Milestone: rc   
Target Release: 2.1   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: RHEL: ceph-10.2.3-2.el7cp Ubuntu: ceph_10.2.3-3redhat1xenial Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-22 19:24:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 2 Samuel Just 2015-07-10 17:37:56 UTC
It's not a security problem, the python command line parser we used doesn't like to see unicode there and so it raised an exception.  That tool actually does quite a lot of input validation and even gives suggestions in many cases (just apparently not for that kind.  Still, it would be better if we returned a nicer error message there.  I'll create an upstream ticket.

Comment 3 Ken Dreyer (Red Hat) 2015-07-16 00:31:56 UTC
Not yet fixed upstream; re-targeting to 1.3.2

Comment 4 Ken Dreyer (Red Hat) 2015-12-11 21:35:03 UTC
https://github.com/ceph/ceph/pull/5275 was in master (thanks Kefu), so this will be in RHCS 2.0 when we ship Jewel.

Comment 7 Harish NV Rao 2016-05-03 11:03:00 UTC
Tested in 10.2.0. Now no trace is printed but a ununderstandable message is printed. Needs a fix.

[ubuntu@magna003 ~]$ sudo ceph –w
error handling command target: 'ascii' codec can't encode character u'\u2013' in position 0: ordinal not in range(128)

Comment 9 Kefu Chai 2016-05-10 07:44:21 UTC
we have a patch: https://github.com/ceph/ceph/pull/8943 but not in master yet. we can defer it to 2.1

Not a blocker - recommend moving to 2.z

Comment 11 Kefu Chai 2016-09-05 05:25:13 UTC
merged in master. will be picked up by the RHCS 2.1.

Comment 16 errata-xmlrpc 2016-11-22 19:24:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2815.html