diff options
| author | Bruce Ashfield <bruce.ashfield@windriver.com> | 2014-05-09 15:18:08 -0400 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2014-05-09 15:20:44 -0400 |
| commit | 84074d411ce774406aa4e485437e7b5302d931bc (patch) | |
| tree | 635497f8a15b452e7d6cd4f19195220bd4e3211e /meta-openstack/recipes-devtools/python/python-keystone | |
| parent | c2f060b457d2a71d52eb827bbb40abd4718c1dea (diff) | |
| download | meta-cloud-services-84074d411ce774406aa4e485437e7b5302d931bc.tar.gz | |
core: update core components to latest havana/stable releases
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Diffstat (limited to 'meta-openstack/recipes-devtools/python/python-keystone')
| -rw-r--r-- | meta-openstack/recipes-devtools/python/python-keystone/CVE-2014-2828-keystone-1300274.patch | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/CVE-2014-2828-keystone-1300274.patch b/meta-openstack/recipes-devtools/python/python-keystone/CVE-2014-2828-keystone-1300274.patch deleted file mode 100644 index 1c5392f..0000000 --- a/meta-openstack/recipes-devtools/python/python-keystone/CVE-2014-2828-keystone-1300274.patch +++ /dev/null | |||
| @@ -1,60 +0,0 @@ | |||
| 1 | From e364ba5b12de8e4c11bd80bcca903f9615dcfc2e Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Florent Flament <florent.flament-ext@cloudwatt.com> | ||
| 3 | Date: Tue, 1 Apr 2014 12:48:22 +0000 | ||
| 4 | Subject: Sanitizes authentication methods received in requests. | ||
| 5 | |||
| 6 | When a user authenticates against Identity V3 API, he can specify | ||
| 7 | multiple authentication methods. This patch removes duplicates, which | ||
| 8 | could have been used to achieve DoS attacks. | ||
| 9 | |||
| 10 | Closes-Bug: 1300274 | ||
| 11 | (cherry picked from commit ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c) | ||
| 12 | Cherry-pick from https://review.openstack.org/#/c/84425/ | ||
| 13 | |||
| 14 | Change-Id: I6e60324309baa094a5e54b012fb0fc528fea72ab | ||
| 15 | |||
| 16 | diff --git a/keystone/auth/controllers.py b/keystone/auth/controllers.py | ||
| 17 | index c3399df..4944316 100644 | ||
| 18 | --- a/keystone/auth/controllers.py | ||
| 19 | +++ b/keystone/auth/controllers.py | ||
| 20 | @@ -225,7 +225,13 @@ class AuthInfo(object): | ||
| 21 | :returns: list of auth method names | ||
| 22 | |||
| 23 | """ | ||
| 24 | - return self.auth['identity']['methods'] or [] | ||
| 25 | + # Sanitizes methods received in request's body | ||
| 26 | + # Filters out duplicates, while keeping elements' order. | ||
| 27 | + method_names = [] | ||
| 28 | + for method in self.auth['identity']['methods']: | ||
| 29 | + if method not in method_names: | ||
| 30 | + method_names.append(method) | ||
| 31 | + return method_names | ||
| 32 | |||
| 33 | def get_method_data(self, method): | ||
| 34 | """Get the auth method payload. | ||
| 35 | diff --git a/keystone/tests/test_v3_auth.py b/keystone/tests/test_v3_auth.py | ||
| 36 | index d07e6ae..e89e29f 100644 | ||
| 37 | --- a/keystone/tests/test_v3_auth.py | ||
| 38 | +++ b/keystone/tests/test_v3_auth.py | ||
| 39 | @@ -81,6 +81,18 @@ class TestAuthInfo(test_v3.RestfulTestCase): | ||
| 40 | None, | ||
| 41 | auth_data) | ||
| 42 | |||
| 43 | + def test_get_method_names_duplicates(self): | ||
| 44 | + auth_data = self.build_authentication_request( | ||
| 45 | + token='test', | ||
| 46 | + user_id='test', | ||
| 47 | + password='test')['auth'] | ||
| 48 | + auth_data['identity']['methods'] = ['password', 'token', | ||
| 49 | + 'password', 'password'] | ||
| 50 | + context = None | ||
| 51 | + auth_info = auth.controllers.AuthInfo(context, auth_data) | ||
| 52 | + self.assertEqual(auth_info.get_method_names(), | ||
| 53 | + ['password', 'token']) | ||
| 54 | + | ||
| 55 | def test_get_method_data_invalid_method(self): | ||
| 56 | auth_data = self.build_authentication_request( | ||
| 57 | user_id='test', | ||
| 58 | -- | ||
| 59 | cgit v0.10.1 | ||
| 60 | |||