diff options
| author | Jenkins <jenkins@review.openstack.org> | 2013-03-13 11:48:00 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2013-03-13 11:48:00 +0000 |
| commit | 44d2a4c02f0771f5b6614de9d50a9fde498a0a65 (patch) | |
| tree | d039188ef084780355c6538482e6450bef986911 | |
| parent | 7f9b28ad0e3e6b0b25a2643cc951db7695db4f36 (diff) | |
| parent | 40640215468b1fe7f7b17c299c658e94f82e7d70 (diff) | |
| download | oslo-44d2a4c02f0771f5b6614de9d50a9fde498a0a65.tar.gz oslo-44d2a4c02f0771f5b6614de9d50a9fde498a0a65.tar.xz oslo-44d2a4c02f0771f5b6614de9d50a9fde498a0a65.zip | |
Merge "Sanitize input before creating IPC socket."
| -rw-r--r-- | openstack/common/rpc/impl_zmq.py | 10 | ||||
| -rw-r--r-- | tests/unit/rpc/test_zmq.py | 19 |
2 files changed, 29 insertions, 0 deletions
diff --git a/openstack/common/rpc/impl_zmq.py b/openstack/common/rpc/impl_zmq.py index 7af9cd0..87f8d21 100644 --- a/openstack/common/rpc/impl_zmq.py +++ b/openstack/common/rpc/impl_zmq.py @@ -16,6 +16,7 @@ import os import pprint +import re import socket import sys import types @@ -431,6 +432,8 @@ class ZmqProxy(ZmqBaseReactor): def __init__(self, conf): super(ZmqProxy, self).__init__(conf) + pathsep = set((os.path.sep or '', os.path.altsep or '', '/', '\\')) + self.badchars = re.compile(r'[%s]' % re.escape(''.join(pathsep))) self.topic_proxy = {} @@ -456,6 +459,13 @@ class ZmqProxy(ZmqBaseReactor): LOG.info(_("Creating proxy for topic: %s"), topic) try: + # The topic is received over the network, + # don't trust this input. + if self.badchars.search(topic) is not None: + emsg = _("Topic contained dangerous characters.") + LOG.warn(emsg) + raise RPCException(emsg) + out_sock = ZmqSocket("ipc://%s/zmq_topic_%s" % (ipc_dir, topic), sock_type, bind=True) diff --git a/tests/unit/rpc/test_zmq.py b/tests/unit/rpc/test_zmq.py index c197c35..d42a07d 100644 --- a/tests/unit/rpc/test_zmq.py +++ b/tests/unit/rpc/test_zmq.py @@ -21,6 +21,7 @@ Unit Tests for remote procedure calls using zeromq import eventlet eventlet.monkey_patch() +import itertools import logging import os import socket @@ -100,6 +101,24 @@ class _RpcZmqBaseTestCase(common.BaseRpcTestCase): if self.reactor: self.reactor.close() + def test_cast_pathsep_topic(self): + """Ensure topics with a contain a path separator result in error.""" + tmp_topic = self.topic_nested + + # All OS path separators + badchars = itertools.ifilter(None, + set((os.sep, os.altsep, '/', '\\'))) + for char in badchars: + self.topic_nested = char.join(('hello', 'world')) + try: + # TODO(ewindisch): Determine which exception is raised. + # pending bug #1121348 + self.assertRaises(Exception, self._test_cast, + common.TestReceiver.echo, 42, {"value": 42}, + fanout=False) + finally: + self.topic_nested = tmp_topic + class RpcZmqBaseTopicTestCase(_RpcZmqBaseTestCase): """ |