[Openstack-security] [openstack/glance] SecurityImpact review request change I47229b366c25367ec1bd48aec684e0880f3dfe60
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Jan 15 15:57:05 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/144464
Log:
commit 0dc8fbb3479a53c5bba8475d14f4c7206904c5ea
Author: Zhi Yan Liu <zhiyanl at cn.ibm.com>
Date: Tue Dec 30 22:25:50 2014 +0800
Cleanup chunks for deleted image that was 'saving'
Currently image data cannot be removed synchronously for an image that
is in saving state. And when, the upload operation for such an image is
completed the operator configured quota can be exceeded.
This patch fixes the issue of left over chunks for an image which was
deleted from saving status. However, by the limitation of the design we
cannot enforce a global quota check for the image in saving status.
This change introduces a inconsonance between http response codes of
v1 and v2 APIs. The status codes which we will now see after the upload
process completes on an image which was deleted mid way are:
v1: 412 Precondition Failed
v2: 410 Gone
SecurityImpact
UpgradeImpact
APIImpact
Closes-Bug: 1383973
Closes-Bug: 1398830
Closes-Bug: 1188532
Change-Id: I47229b366c25367ec1bd48aec684e0880f3dfe60
Signed-off-by: Zhi Yan Liu <zhiyanl at cn.ibm.com>
More information about the Openstack-security
mailing list