Bug 1515193
Summary: | pcs should not allow {}\n\r characters in corosync.conf values | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Tomas Jelinek <tojeline> |
Component: | pcs | Assignee: | Tomas Jelinek <tojeline> |
Status: | CLOSED WONTFIX | QA Contact: | cluster-qe <cluster-qe> |
Severity: | unspecified | Priority: | high |
Version: | 7.5 | CC: | cfeist, cluster-maint, idevat, omular, tojeline |
Target Milestone: | rc | Hardware: | Unspecified |
OS: | Unspecified | Type: | Bug |
Last Closed: | 2020-09-16 12:45:35 UTC | | |
: | 1551663 1679196 | | |
Description
Tomas Jelinek
2017-11-20 11:23:09 UTC
This is rather urgent for reasons in [bug 1389209 comment 35]. And rather than being a matter of the corosync parser, it's a general deficiency in checking the inputs (possibly from less-privileged sources, depending on the exact use case) to compose the resulting corosync.conf from, as currently the precooked configuration snippets may be injected in "plain unlimited string"-evaluated instances.

- { anywhere in a line means start of a section -> disallowed
- } anywhere in a line means end of a section -> disallowed
- \n and \r start a new line which could be used to set its own key-value or section -> disallowed
- : is allowed, as only the first : in a line matters
- # is allowed, as the # only matters when it is the first character in a line (not considering whitespace)
- there is no escaping available
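The rules listed in the description, as an added example that is not part of the original report and is not pcs code: a value check, a renderer that rejects unsafe values (since there is no escaping), and a simplified reader that applies only the rules stated above to show what an unchecked newline does. All function names and the sample value are constructed for illustration.

```python
# Added illustration; names are hypothetical, not pcs APIs.
# Characters the report disallows in values, with the reason it gives.
FORBIDDEN = {
    "{": "starts a section",
    "}": "ends a section",
    "\n": "starts a new line",
    "\r": "starts a new line",
}
# Constructed sample: a value carrying an embedded newline and an extra key.
BAD_VALUE = "mycluster\ninjected_key: 1"

def find_forbidden(value):
    """Return (index, char, reason) for every disallowed character."""
    return [(i, c, FORBIDDEN[c]) for i, c in enumerate(value) if c in FORBIDDEN]

def render_section(name, options, validate=True):
    """Render one section. There is no escaping, so bad values are rejected.
    Assumption: section and option names come from a fixed, trusted list.
    """
    lines = [name + " {"]
    for key, value in options.items():
        problems = find_forbidden(value) if validate else []
        if problems:
            raise ValueError("invalid value for %s: %r" % (key, problems))
        lines.append("    %s: %s" % (key, value))
    lines.append("}")
    return "\n".join(lines) + "\n"

def parse(text):
    """Simplified reader applying only the rules listed in the report."""
    root = {}
    stack = [root]
    for line in text.replace("\r", "\n").split("\n"):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # '#' only matters as the first non-whitespace character
        if "{" in line:
            stack.append(stack[-1].setdefault(line.split("{")[0].strip(), {}))
        elif "}" in line:
            if len(stack) > 1:
                stack.pop()
        elif ":" in line:
            key, value = line.split(":", 1)  # only the first ':' matters
            stack[-1][key.strip()] = value.strip()
    return root

if __name__ == "__main__":
    # Without validation the embedded newline becomes a second option.
    print(parse(render_section("totem", {"cluster_name": BAD_VALUE}, False)))
```

With `validate=False` the reader sees `injected_key` as a real option of the section; with the default, `render_section` raises before anything is written.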