Bug 1949632
| Summary: | MAC address validation passes on invalid MAC addresses (dropped hex digits) [osp-16.2] | |||
|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | nacurry | |
| Component: | python-neutron-lib | Assignee: | Rodolfo Alonso <ralonsoh> | |
| Status: | CLOSED ERRATA | QA Contact: | Eran Kuris <ekuris> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 16.2 (Train) | CC: | akatz, alifshit, apevec, chrisw, jjoyce, jschluet, lhh, ralonsoh, scohen | |
| Target Milestone: | z2 | Keywords: | Triaged | |
| Target Release: | 16.2 (Train on RHEL 8.4) | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | python-neutron-lib-1.29.1-2.20210623080523.4ef4b71.el8ost | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1974655 2023240 (view as bug list) | Environment: | ||
| Last Closed: | 2022-03-23 22:10:08 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 2023244 | |||
*** Bug 1951228 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 16.2.2), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:1001 |
Description of problem: [1] `openstack port create` allows creation of MAC addresses with missing digits (ex: 11:22:33:4:5:66) [2] This is due to reliance on netaddr upstream, which presumably has these loose standards due to limited legacy cases where leading zeroes may (incorrectly) be dropped. [3] I have submitted a pull request to clean this up, and if desired create a loose validation separately from the primary MAC validation, but I'm not sure I did a good job, and if I did, it doesn't solve the immediate problem. [4] Here is the code in neutron-lib that appears to be calling netaddr After creating the port, it's possible to use to build an instance, causing the instance to in some cases remain stuck in BUILD. I will create a BZ for this issue as well. Version-Release number of selected component (if applicable): Current OSP16.x Current python-netaddr How reproducible: Every time. Steps to Reproduce: 1. authenticate as admin or user 2. create port, specifying a MAC address with a missing character Actual results: It creates the port, no complaints. Expected results: Port creation should fail. Additional info: [1] (ess1612) [stack@undercloud-0 ~]$ openstack port create --mac-address 40:28:00:00:2:06 --network admin-tenant-overlay test-port-bad-mac_user [2] netaddr/strategy/eui48.py #----------------------------------------------------------------------------- #: Regular expressions to match all supported MAC address formats. RE_MAC_FORMATS = ( # 2 bytes x 6 (UNIX, Windows, EUI-48) '^' + ':'.join(['([0-9A-F]{1,2})'] * 6) + '$', '^' + '-'.join(['([0-9A-F]{1,2})'] * 6) + '$', # 4 bytes x 3 (Cisco) '^' + ':'.join(['([0-9A-F]{1,4})'] * 3) + '$', '^' + '-'.join(['([0-9A-F]{1,4})'] * 3) + '$', '^' + r'\.'.join(['([0-9A-F]{1,4})'] * 3) + '$', # 6 bytes x 2 (PostgreSQL) '^' + '-'.join(['([0-9A-F]{5,6})'] * 2) + '$', '^' + ':'.join(['([0-9A-F]{5,6})'] * 2) + '$', # 12 bytes (bare, no delimiters) '^(' + ''.join(['[0-9A-F]'] * 12) + ')$', '^(' + ''.join(['[0-9A-F]'] * 11) + ')$', ) [3]https://github.com/netaddr/netaddr/pull/229 [4] neutron_lib/api/validators/__init__.py 366 def validate_mac_address(data, valid_values=None): 367 """Validate data is a MAC address. 368 369 :param data: The data to validate. 370 :param valid_values: Not used! 371 :returns: None if the data is a valid MAC address, otherwise a human 372 readable message as to why validation failed. 373 """ 374 try: 375 valid_mac = netaddr.valid_mac(validate_no_whitespace(data)) 376 except Exception: 377 valid_mac = False 378 379 if valid_mac: 380 valid_mac = (netaddr.EUI(data) not in 381 map(netaddr.EUI, constants.INVALID_MAC_ADDRESSES)) 382 # TODO(arosen): The code in this file should be refactored 383 # so it catches the correct exceptions. validate_no_whitespace 384 # raises AttributeError if data is None. 385 if not valid_mac: 386 msg = _("'%s' is not a valid MAC address") % data 387 LOG.debug(msg) 388 return msg