1241725 – No or not correct input validation in "ceph" cli

Bug 1241725 - No or not correct input validation in "ceph" cli

Summary: No or not correct input validation in "ceph" cli

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RADOS
Sub Component:
Version:	1.2.3
Hardware:	All
OS:	All
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	2.1
Assignee:	Kefu Chai
QA Contact:	ceph-qe-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-07-10 00:02 UTC by Taco Scargo
Modified:	2017-07-30 15:14 UTC (History)
CC List:	8 users (show)
Fixed In Version:	RHEL: ceph-10.2.3-2.el7cp Ubuntu: ceph_10.2.3-3redhat1xenial
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-11-22 19:24:26 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Ceph Project Bug Tracker	12287	0	None	None	None	Never
Red Hat Product Errata	RHSA-2016:2815	0	normal	SHIPPED_LIVE	Moderate: Red Hat Ceph Storage security, bug fix, and enhancement update	2017-03-22 02:06:33 UTC

Comment 2 Samuel Just 2015-07-10 17:37:56 UTC

It's not a security problem, the python command line parser we used doesn't like to see unicode there and so it raised an exception.  That tool actually does quite a lot of input validation and even gives suggestions in many cases (just apparently not for that kind.  Still, it would be better if we returned a nicer error message there.  I'll create an upstream ticket.

Comment 3 Ken Dreyer (Red Hat) 2015-07-16 00:31:56 UTC

Not yet fixed upstream; re-targeting to 1.3.2

Comment 4 Ken Dreyer (Red Hat) 2015-12-11 21:35:03 UTC

https://github.com/ceph/ceph/pull/5275 was in master (thanks Kefu), so this will be in RHCS 2.0 when we ship Jewel.

Comment 7 Harish NV Rao 2016-05-03 11:03:00 UTC

Tested in 10.2.0. Now no trace is printed but a ununderstandable message is printed. Needs a fix.

[ubuntu@magna003 ~]$ sudo ceph –w
error handling command target: 'ascii' codec can't encode character u'\u2013' in position 0: ordinal not in range(128)

Comment 9 Kefu Chai 2016-05-10 07:44:21 UTC

we have a patch: https://github.com/ceph/ceph/pull/8943 but not in master yet. we can defer it to 2.1

Not a blocker - recommend moving to 2.z

Comment 11 Kefu Chai 2016-09-05 05:25:13 UTC

merged in master. will be picked up by the RHCS 2.1.

Comment 16 errata-xmlrpc 2016-11-22 19:24:26 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2815.html

Note You need to log in before you can comment on or make changes to this bug.