[Openstack-security] [openstack/heat] SecurityImpact review request change I303d87addeed8b103eeb26dbcc48e3acce06ee6a
gerrit2 at review.openstack.org
Fri Sep 18 00:47:33 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/224941
Log:

commit 7e9e2fdffc37092c1aa8f8f4412ffe4c21e68a23
Author: yangxurong <yangxurong at huawei.com>
Date: Mon Mar 30 14:39:17 2015 +1000

    Eventlet green threads not released back to pool

    Presently, the wsgi server allows persistent connections hence even after
    the response is sent to the client, it doesn't close the client socket
    connection.
    Because of this problem, the green thread is not released back to the pool.

    In order to close the client socket connection explicitly after the
    response is sent and read successfully by the client, you simply have to
    set keepalive to False when you create a wsgi server.

    Add a parameter to take advantage of the new(ish) eventlet socket timeout
    behaviour. Allows closing idle client connections after a period of
    time, e.g.:

    $ time nc localhost 8776
    real 1m0.063s

    Setting 'client_socket_timeout = 0' means do not timeout.

    DocImpact:
    Added wsgi_keep_alive option (default=True).
    Added client_socket_timeout option (default=900).

    SecurityImpact

    Change-Id: I303d87addeed8b103eeb26dbcc48e3acce06ee6a
    Closes-Bug: #1361360
    (cherry picked from commit 2be72f42f9debf9c2f186212dd27cb4f860d3399)
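
The pool exhaustion described in the commit message above, as an added example that is not part of the original message or of the Heat patch: a toy keep-alive server whose bounded pool is held by idle clients until a client socket timeout releases the workers. It uses OS threads and the standard library as a stand-in for eventlet green threads; `serve`, `probe`, the pool size and the short timeouts are assumptions chosen for the demonstration.

```python
import socket
import threading
import time

def serve(pool_size, client_socket_timeout):
    """Start a toy keep-alive server with a bounded worker pool; return its port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(16)
    pool = threading.BoundedSemaphore(pool_size)

    def handle(conn):
        # 0 means "do not time out", matching the option described above.
        conn.settimeout(client_socket_timeout or None)
        try:
            while conn.recv(1024):       # persistent connection: wait for the next request
                conn.sendall(b"ok\n")
        except OSError:
            pass                         # idle past the timeout (or peer reset): drop it
        finally:
            conn.close()
            pool.release()               # worker returns to the pool

    def accept_loop():
        while True:
            pool.acquire()               # blocks while every worker is held
            conn, _ = listener.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener.getsockname()[1]

def probe(pool_size, client_socket_timeout, idle_clients, wait=1.0):
    """Return True if a new request is answered within `wait` seconds."""
    addr = ("127.0.0.1", serve(pool_size, client_socket_timeout))
    idle = [socket.create_connection(addr) for _ in range(idle_clients)]
    time.sleep(0.2)                      # let the server hand each idle client a worker
    client = socket.create_connection(addr)
    client.settimeout(wait)
    try:
        client.sendall(b"ping\n")
        return client.recv(16) == b"ok\n"
    except socket.timeout:
        return False                     # no worker was free to answer in time
    finally:
        for s in idle + [client]:
            s.close()

if __name__ == "__main__":
    print("no timeout, pool held by idle clients:", probe(2, 0, 2))
    print("0.3 s timeout, same idle clients:     ", probe(2, 0.3, 2, wait=2.0))
```

With the timeout disabled, two idle connections are enough to starve a pool of two; with a timeout set, the same idle connections are dropped and the new request is served.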