[Openstack-security] [openstack/nova] SecurityImpact review request change I3b14a37edbe4bdc5db31ff4f08f78e78b60077ff
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Mon Mar 16 10:37:10 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/164643
Log:
commit 392dc228034bbd8968f4c65ddfce6343bff938ea
Author: abhishekkekane <abhishek.kekane at nttdata.com>
Date: Tue Oct 21 01:37:42 2014 -0700
Eventlet green threads not released back to pool
Presently, the wsgi server allows persist connections hence even after
the response is sent to the client, it doesn't close the client socket
connection.
Because of this problem, the green thread is not released back to the pool.
In order to close the client socket connection explicitly after the
response is sent and read successfully by the client, you simply have to
set keepalive to False when you create a wsgi server.
Icehouse backport note: socket_timeout was dropped, it was introduced
in 0.14[*] and Icehouse eventlet lower bound is 0.13
[*] https://github.com/eventlet/eventlet/commit/7d4916f01462de09cb58853d9de2e85777c2ad5b
Note: The required unit-tests are manually added to the below path,
as new path for unit-tests is not present in stable/icehouse release.
nova/tests/test_wsgi.py
DocImpact:
Added wsgi_keep_alive option (default=True).
SecurityImpact
Conflicts:
nova/tests/unit/test_wsgi.py
Closes-Bug: #1361360
(cherry picked from commit 04d7a724fdf80db51e73f12c5b8c982db9310742)
Change-Id: I3b14a37edbe4bdc5db31ff4f08f78e78b60077ff
More information about the Openstack-security
mailing list