From 71347f2e9d6195a25cabff782c7058bed006e286 Mon Sep 17 00:00:00 2001
From: Mark Washenberger <mark.washenberger@rackspace.com>
Date: Mon, 28 Mar 2011 13:40:16 -0400
Subject: lock down requirements for change password

---
 nova/api/openstack/servers.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'nova/api')

diff --git a/nova/api/openstack/servers.py b/nova/api/openstack/servers.py
index a98f81d98..b5727a7e1 100644
--- a/nova/api/openstack/servers.py
+++ b/nova/api/openstack/servers.py
@@ -599,6 +599,8 @@ class ControllerV11(Controller):
             or not 'adminPass' in input_dict['changePassword']):
             return exc.HTTPBadRequest()
         password = input_dict['changePassword']['adminPass']
+        if not isinstance(password, basestring) or password == '':
+            return exc.HTTPBadRequest()
         self.compute_api.set_admin_password(context, id, password)
         return exc.HTTPAccepted()
 
-- 
cgit