[Openstack-security] [openstack/neutron] SecurityImpact review request change I3a361d6590d1800b85791f23ac1cdfd79815341b
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Oct 30 12:28:59 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/130834
Log:
commit 91f27fecf84bd95b41a1e2c15448a02cc23f4dc5
Author: abhishekkekane <abhishek.kekane at nttdata.com>
Date: Tue Oct 21 04:15:15 2014 -0700
Eventlet green threads not released back to pool
Presently, the wsgi server allows persist connections. Hence even after
the response is sent to the client, it doesn't close the client socket
connection. Because of this problem, the green thread is not released
back to the pool.
In order to close the client socket connection explicitly after the
response is sent and read successfully by the client, you simply have to
set keepalive to False when you create a wsgi server.
Added a parameter to take advantage of the new(ish) eventlet socket timeout
behaviour. Allows closing idle client connections after a period of time, eg:
$ time nc localhost 8776
real 1m0.063s
Setting 'client_socket_timeout = 0' means do not timeout.
DocImpact:
Added wsgi_keep_alive option (default=True).
Added client_socket_timeout option (default=900).
SecurityImpact
Closes-Bug: #1361360
Change-Id: I3a361d6590d1800b85791f23ac1cdfd79815341b
More information about the Openstack-security
mailing list