[Openstack-security] [openstack/glance] SecurityImpact review request change Ief37d1e29487bb03e612320f5cc06910cfd1c23a
Ian Cordasco
ian.cordasco at RACKSPACE.COM
Wed Feb 4 22:23:36 UTC 2015
Hey all,
The glance team was hoping to get some feedback from some OSSG members
about this review. Specifically, there seems to be a concern about causing
an Out of Memory error on the host
(https://review.openstack.org/#/c/148574/4/glance/common/utils.py). We’d
really appreciate your feedback.
Cheers,
Ian
On 2/4/15, 15:17, "gerrit2 at review.openstack.org"
<gerrit2 at review.openstack.org> wrote:
>
>Hi, I'd like you to take a look at this patch for potential
>SecurityImpact.
>https://review.openstack.org/148574
>
>Log:
>commit 86d3eb369c90e9f20e65af84eec5522086cbc625
>Author: Alexander Tivelkov <ativelkov at mirantis.com>
>Date: Tue Jan 20 17:25:07 2015 +0300
>
> Fix for CooperativeReader to properly process read length
>
> CooperativeReader, being an eventlet-friendly wrapper around the
> generator-based reader of image data, actually transforms
> chunk-by-chunk iteration into the readable stream. It is used when the
> image is being copied from the remote source: some generator-based
> image data representing the remote source acts as its underlying
> object, and the instance of CooperativeReader is passed as a data
> stream to the backend client which uses it to read the data.
>
> Before this patch, the CooperativeReader was ignoring the "length"
> parameter of the read method, always returning the whole chunk returned
> by the underlying generator (in case of HTTP source the size of this
> chunk is 16 M). This was causing problems for the clients attempting to
> read data from it, and - under some circumstances - the loss of data.
>
> For chunked storage of files in Swift a special class (ChunkReader,
> declared in the swift store driver) is used to reduce the requested
> read length so no extra data is read and transferred. However, this was
> not working as the CooperativeReader (which was the underlying stream
> for the ChunkReader) was ignoring the requested size. This was causing
> the data to be lost when reading behind the boundaries of the Chunks.
>
> This patchset introduces a buffer in the CooperativeReader to store the
> most recently fetched iterator chunk. The reads are independent from
> requests to iterator, so the CooperativeReader is able to return the
> exact requested amount of bytes and no data is lost due to extra-reads.
>
> SecurityImpact
>
> Change-Id: Ief37d1e29487bb03e612320f5cc06910cfd1c23a
> Closes-bug: #1412802
>
>
>_______________________________________________
>Openstack-security mailing list
>Openstack-security at lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
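The buffering described in the quoted commit message, as an added Python sketch that is not Glance's code and not part of the original e-mail. `BufferedChunkReader`, `read_all` and the `MAX_READ` cap are hypothetical; the cap is an assumption showing one way to bound what a single read can allocate, which is the Out of Memory concern the e-mail raises.

```python
MAX_READ = 1 << 20  # hypothetical cap on one read(); not a value from the page


class BufferedChunkReader:
    """Illustrative reader over a chunk iterator (not Glance's class)."""

    def __init__(self, chunks):
        self._chunks = iter(chunks)
        self._buf = b""   # most recently fetched iterator chunk
        self._pos = 0     # offset of the first unread byte in _buf

    def _fill(self):
        """Fetch the next chunk once the buffer is drained; False at EOF."""
        if self._pos < len(self._buf):
            return True
        for chunk in self._chunks:   # resumes the iterator, skips empty chunks
            if chunk:
                self._buf, self._pos = chunk, 0
                return True
        self._buf, self._pos = b"", 0
        return False

    def read(self, length=None):
        if length is None:
            # No size given: return what is left of the current chunk only.
            if not self._fill():
                return b""
            data = self._buf[self._pos:]
            self._pos = len(self._buf)
            return data
        if length < 0 or length > MAX_READ:
            # The result is assembled in memory, so an unchecked length
            # would let the caller decide how much gets allocated.
            raise ValueError("read length out of range")
        out = bytearray()
        while len(out) < length and self._fill():
            take = self._buf[self._pos:self._pos + length - len(out)]
            out += take
            self._pos += len(take)
        return bytes(out)


def read_all(reader, size):
    """Drain reader in size-byte reads, returning the list of pieces."""
    return list(iter(lambda: reader.read(size), b""))
```

Reads that straddle a chunk boundary are served from the tail of one chunk and the head of the next, so a caller asking for fewer bytes than the chunk size loses nothing.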