[Openstack-security] [Bug 1382562] Re: security groups remote_group fails with CIDR in address pairs
Jeremy Stanley
fungi at yuggoth.org
Fri Oct 17 22:46:07 UTC 2014
Thanks Kevin. In that case I've tagged it as a security hardening
opportunity (removes a foot-cannon), and switched the advisory task to
won't-fix.
** Information type changed from Public Security to Public
** Changed in: ossa
Status: Incomplete => Won't Fix
** Tags added: security
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1382562
Title:
security groups remote_group fails with CIDR in address pairs
Status in OpenStack Neutron (virtual network service):
In Progress
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
Add a CIDR to allowed address pairs of a host. RPC calls from the
agents will run into this issue now when retrieving the security group
members' IPs. I haven't confirmed because I came across this working
on other code, but I think this may stop all members of the security
groups referencing that group from getting their rules over the RPC
channel.
File "neutron/api/rpc/handlers/securitygroups_rpc.py", line 75, in security_group_info_for_devices
return self.plugin.security_group_info_for_ports(context, ports)
File "neutron/db/securitygroups_rpc_base.py", line 202, in security_group_info_for_ports
return self._get_security_group_member_ips(context, sg_info)
File "neutron/db/securitygroups_rpc_base.py", line 209, in _get_security_group_member_ips
ethertype = 'IPv%d' % netaddr.IPAddress(ip).version
File "/home/administrator/code/neutron/.tox/py27/local/lib/python2.7/site-packages/netaddr/ip/__init__.py", line 281, in __init__
% self.__class__.__name__)
ValueError: IPAddress() does not support netmasks or subnet prefixes! See documentation for details.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1382562/+subscriptions
More information about the Openstack-security
mailing list