Bug 1241725 - No or not correct input validation in "ceph" cli
Summary: No or not correct input validation in "ceph" cli
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat
Component: RADOS
Version: 1.2.3
Hardware: All
OS: All
medium
medium
Target Milestone: rc
: 2.1
Assignee: Kefu Chai
QA Contact: ceph-qe-bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-07-10 00:02 UTC by Taco Scargo
Modified: 2017-07-30 15:14 UTC (History)
8 users (show)

Fixed In Version: RHEL: ceph-10.2.3-2.el7cp Ubuntu: ceph_10.2.3-3redhat1xenial
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-22 19:24:26 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Ceph Project Bug Tracker 12287 None None None Never
Red Hat Product Errata RHSA-2016:2815 normal SHIPPED_LIVE Moderate: Red Hat Ceph Storage security, bug fix, and enhancement update 2017-03-22 02:06:33 UTC

Comment 2 Samuel Just 2015-07-10 17:37:56 UTC
It's not a security problem, the python command line parser we used doesn't like to see unicode there and so it raised an exception.  That tool actually does quite a lot of input validation and even gives suggestions in many cases (just apparently not for that kind.  Still, it would be better if we returned a nicer error message there.  I'll create an upstream ticket.

Comment 3 Ken Dreyer (Red Hat) 2015-07-16 00:31:56 UTC
Not yet fixed upstream; re-targeting to 1.3.2

Comment 4 Ken Dreyer (Red Hat) 2015-12-11 21:35:03 UTC
https://github.com/ceph/ceph/pull/5275 was in master (thanks Kefu), so this will be in RHCS 2.0 when we ship Jewel.

Comment 7 Harish NV Rao 2016-05-03 11:03:00 UTC
Tested in 10.2.0. Now no trace is printed but a ununderstandable message is printed. Needs a fix.

[ubuntu@magna003 ~]$ sudo ceph –w
error handling command target: 'ascii' codec can't encode character u'\u2013' in position 0: ordinal not in range(128)

Comment 9 Kefu Chai 2016-05-10 07:44:21 UTC
we have a patch: https://github.com/ceph/ceph/pull/8943 but not in master yet. we can defer it to 2.1

Not a blocker - recommend moving to 2.z

Comment 11 Kefu Chai 2016-09-05 05:25:13 UTC
merged in master. will be picked up by the RHCS 2.1.

Comment 16 errata-xmlrpc 2016-11-22 19:24:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2815.html


Note You need to log in before you can comment on or make changes to this bug.