http 500 on certain unicode characters in Content-Type
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Barbican | Fix Released | Low | Everardo Padilla Saca |
Bug Description
Returns a 500 error for any Content-Type with a character from \u0080 to \uffff.
Request:
POST /v1/secrets HTTP/1.1
Host: localhost:9311
Content-Length: 248
Accept-Encoding: gzip, deflate
X-Project-Id: 3793662244d04d2
Accept: */*
User-Agent: python-
Connection: keep-alive
X-Auth-Token: [VALID TOKEN]
Content-Type: Ä (\u0080)
{"name": "AES key", "algorithm": "aes", "payload_
HTTP/1.1 500 Internal Server Error
Content-Length: 131
Content-Type: application/json; charset=UTF-8
Connection: close
{"code": 500, "description": "Secret creation failure seen - please contact site administrator.", "title": "Internal Server Error"}
Stacktrace:
2015-02-10 11:57:25.165 18864 ERROR barbican.
2015-02-10 11:57:25.165 18864 TRACE barbican.
2015-02-10 11:57:25.165 18864 TRACE barbican.
2015-02-10 11:57:25.165 18864 TRACE barbican.
2015-02-10 11:57:25.165 18864 TRACE barbican.
2015-02-10 11:57:25.165 18864 TRACE barbican.
2015-02-10 11:57:25.165 18864 TRACE barbican.
2015-02-10 11:57:25.165 18864 TRACE barbican.
2015-02-10 11:57:25.165 18864 TRACE barbican.
2015-02-10 11:57:25.165 18864 TRACE barbican.
2015-02-10 11:57:25.165 18864 TRACE barbican.
2015-02-10 11:57:25.165 18864 TRACE barbican.
2015-02-10 11:57:25.167 18864 WARNING barbican.
{address space usage: 2593398784 bytes/2473MB} {rss usage: 79302656 bytes/75MB} [pid: 18864|app: 0|req: 1995/1995] 127.0.0.1 () {36 vars in 2353 bytes} [Tue Feb 10 11:57:25 2015] POST /v1/secrets => generated 131 bytes in 3 msecs (HTTP/1.1 500) 3 headers in 125 bytes (2 switches on core 0)
=== Impact: ===
Low
=== Systems Vulnerable: ===
Local environment
=== Suggested Mitigation: ===
Enforce a reasonable character set on the Content-Type header.
=== Further References: ===
No references given
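One way to apply the suggested mitigation, as an added example (not part of the original report and not Barbican's actual fix): a WSGI middleware that checks Content-Type against the RFC 7231 media-type grammar and answers with a 4xx instead of letting the request reach code that fails with a 500. The names `ContentTypeGuard`, `is_valid_content_type`, `status_for` and `MAX_LENGTH`, the 255-character cap and the choice of 415 as the status are assumptions.

```python
import json
import re

# RFC 7230 "token" and "quoted-string", restricted to printable ASCII (no obs-text).
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_QUOTED = r'"(?:[\t !#-\[\]-~]|\\[\t -~])*"'
# RFC 7231 media-type: type "/" subtype *( OWS ";" OWS name "=" value )
_MEDIA_TYPE = re.compile(
    r"{t}/{t}(?:[ \t]*;[ \t]*{t}=(?:{t}|{q}))*[ \t]*".format(t=_TOKEN, q=_QUOTED)
)
MAX_LENGTH = 255  # assumed cap; tune to the longest media type the API accepts


def is_valid_content_type(value):
    """Return True only for a well-formed, printable-ASCII media type."""
    return len(value) <= MAX_LENGTH and _MEDIA_TYPE.fullmatch(value) is not None


class ContentTypeGuard:
    """WSGI middleware: reject a malformed Content-Type before the app sees it."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        ctype = environ.get("CONTENT_TYPE", "")
        if ctype and not is_valid_content_type(ctype):
            # The offending header value is deliberately not echoed back.
            body = json.dumps({
                "code": 415,
                "title": "Unsupported Media Type",
                "description": "Content-Type is not a valid media type.",
            }).encode("utf-8")
            start_response("415 Unsupported Media Type", [
                ("Content-Type", "application/json; charset=UTF-8"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return self.app(environ, start_response)


def status_for(content_type):
    """Send one constructed POST through the guard; return the status line."""
    def inner_app(environ, start_response):  # hypothetical stand-in for the API
        start_response("201 Created", [("Content-Length", "0")])
        return [b""]
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": "/v1/secrets",
               "CONTENT_TYPE": content_type}
    seen = []
    ContentTypeGuard(inner_app)(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

The character classes are spelled out as ASCII ranges rather than `\w`, so every character from \u0080 to \uffff fails the match regardless of how the server decoded the header bytes.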
Changed in barbican:
assignee: nobody → Everardo Padilla Saca (everardo-padilla-saca)
Changed in barbican:
milestone: none → kilo-rc1
Changed in barbican:
status: Fix Committed → Fix Released
Changed in barbican:
milestone: kilo-rc1 → 2015.1.0
Fix proposed to branch: master
Review: https://review.openstack.org/165056