[Openstack-security] [openstack/glance] SecurityImpact review request change Ief37d1e29487bb03e612320f5cc06910cfd1c23a
gerrit2 at review.openstack.org
Wed Feb 4 21:17:47 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/148574
Log:
commit 86d3eb369c90e9f20e65af84eec5522086cbc625
Author: Alexander Tivelkov <ativelkov at mirantis.com>
Date: Tue Jan 20 17:25:07 2015 +0300
Fix for CooperativeReader to properly process read length

CooperativeReader, being an eventlet-friendly wrapper around the
generator-based reader of image data, actually transforms chunk-by-chunk
iteration into the readable stream. It is used when the image is being copied
from the remote source: some generator-based image data representing the remote
source acts as its underlying object, and the instance of CooperativeReader is
passed as a data stream to the backend client which uses it to read the data.

Before this patch, the CooperativeReader was ignoring the "length" parameter of
the read method, always returning the whole chunk returned by the underlying
generator (in case of HTTP source the size of this chunk is 16 M). This was
causing problems for the clients attempting to read data from it, and - under
some circumstances - the loss of data.

For chunked storage of files in Swift a special class (ChunkReader, declared in
the swift store driver) is used to reduce the requested read length so no extra
data is read and transferred. However, this was not working as the
CooperativeReader (which was the underlying stream for the ChunkReader) was
ignoring the requested size. This was causing the data to be lost when reading
behind the boundaries of the Chunks.

This patchset introduces a buffer in the CooperativeReader to store the most
recently fetched iterator chunk. The reads are independent from requests to
iterator, so the CooperativeReader is able to return the exact requested amount
of bytes and no data is lost due to extra-reads.

SecurityImpact
Change-Id: Ief37d1e29487bb03e612320f5cc06910cfd1c23a
Closes-bug: #1412802
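
The behaviour described in the commit message above, as an added example that is not part of the original message and is not Glance's code. The class names, the tiny constructed chunks and the segmenting consumer (`store_in_segments`, a hypothetical stand-in for a client that caps each read at a segment boundary) are assumptions; eventlet yielding is left out.

```python
# Added illustration; not Glance code. Eventlet yielding is left out.
SOURCE_CHUNKS = [b"AAAAAAAA", b"BBBBBBBB", b"CCCC"]  # constructed sample data


class LengthIgnoringReader:
    """Pre-patch behaviour as described: read() returns one whole chunk."""

    def __init__(self, iterable):
        self._it = iter(iterable)

    def read(self, length=None):
        return next(self._it, b"")  # 'length' is ignored


class BufferedReader:
    """Post-patch idea: buffer the last chunk, return exactly 'length' bytes."""

    def __init__(self, iterable):
        self._it = iter(iterable)
        self._buf = b""

    def read(self, length=None):
        if length is None:  # no limit: drain the buffer and the iterator
            data, self._buf = self._buf + b"".join(self._it), b""
            return data
        out = []
        while length > 0:
            if not self._buf:
                self._buf = next(self._it, b"")
                if not self._buf:
                    break  # source exhausted
            piece, self._buf = self._buf[:length], self._buf[length:]
            out.append(piece)
            length -= len(piece)
        return b"".join(out)


def store_in_segments(reader, segment_size, read_size=4):
    """Hypothetical segmenting consumer: caps each read at the bytes left in
    the current segment and keeps no more than segment_size bytes of it."""
    segments = []
    while True:
        seg = b""
        while len(seg) < segment_size:
            data = reader.read(min(read_size, segment_size - len(seg)))
            if not data:
                break
            seg += data[: segment_size - len(seg)]  # overshoot is dropped
        if not seg:
            return segments
        segments.append(seg)
```

With 6-byte segments the length-ignoring reader stores 16 of the 20 source bytes, because each oversized read overshoots a segment boundary, while the buffered reader stores all 20.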