cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-9141) Userdata is not validated for valid base64
Date Fri, 11 Dec 2015 14:08:11 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-9141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15052798#comment-15052798
] 

ASF GitHub Bot commented on CLOUDSTACK-9141:
--------------------------------------------

GitHub user wido opened a pull request:

    https://github.com/apache/cloudstack/pull/1220

    CLOUDSTACK-9141: Validate userdata for valid base64

    This prevents the userdata from going through the stack completely
    and finding out very late in the process that it is invalid data.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/wido/cloudstack CLOUDSTACK-9141

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/1220.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1220
    
----
commit d6b37001607d9b5f8514e48350ee3fee62328b90
Author: Wido den Hollander <wido@widodh.nl>
Date:   2015-12-11T13:25:24Z

    CLOUDSTACK-9141: Validate userdata for valid base64
    
    This prevents the userdata from going through the stack completely
    and finding out very late in the process that it is invalid data.

----


> Userdata is not validated for valid base64
> ------------------------------------------
>
>                 Key: CLOUDSTACK-9141
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9141
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API
>    Affects Versions: 4.6.0, 4.7.0
>            Reporter: Wido den Hollander
>
> Currently the userdata passed to "deployvirtualmachine" is not verified if it is valid
base64.
> It is passed all the way down the the VR without validating if it is correct base64.
> We simple check if it is valid should be done in the management server before attempting
a deployment.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message