Delivered-To: mailing list issues@cloudstack.apache.org
Date: Wed, 6 Dec 2017 22:08:00 +0000 (UTC)
From: "ASF GitHub Bot (JIRA)"
To: cloudstack-issues@incubator.apache.org
Subject: [jira] [Commented] (CLOUDSTACK-10175) Listing VPCs with a domain account and project id -1 returns all the VPCs in the syste

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-10175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16281005#comment-16281005 ]

ASF GitHub Bot commented on CLOUDSTACK-10175:
---------------------------------------------

khos2ow commented on a change in pull request #2352: CLOUDSTACK-10175: prevent VPC list leakage
URL: https://github.com/apache/cloudstack/pull/2352#discussion_r155375932

 ##########
 File path: server/src/com/cloud/user/AccountManagerImpl.java
 ##########
@@ -2472,6 +2464,11 @@ public void buildACLSearchParameters(Account caller, Long id, String accountName if (projectId.longValue() == -1) { if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + + //permittedAccounts can be empty when the caller is not a part of any project (a domain account) + if (permittedAccounts.isEmpty()) {

 Review comment:
 I would say so.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

> Listing VPCs with a domain account and project id -1 returns all the VPCs in the syste
> --------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-10175
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10175
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.)
>    Affects Versions: 4.10.0.0
>            Reporter: Khosrow Moossavi
>             Fix For: Future
>
>

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
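
Review bot: the new permittedAccounts.isEmpty() check at the end of the hunk is nested inside the caller.getType() == Account.ACCOUNT_TYPE_NORMAL branch, so it only covers normal accounts that reach projectId.longValue() == -1. Please confirm that no other caller type handled around this branch can also leave permittedAccounts empty, because the issue title says the empty case ends up listing every VPC in the system. The inline comment explains when the list is empty but not why that is unsafe; it would help to state that an empty list must not be treated as "no account filter". A regression test that lists VPCs as a domain account with project id -1 and no project membership would pin the intended behaviour down.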