Glance

  1. Bug #1613901
  2. Comment #1

Comment 1 for bug 1613901

Revision history for this message
David Stanek (dstanek) wrote : Re: String "..%c0%af" causes 500 errors in multiple locations in Keystone v3

This happens because webob tries to decode the path as UTF-8, but that is actually malformed UTF-8. This is probably something that should be caught in keystone.common.wsgi and returned as a 400, but I don't think these is any security issues. Is it possible to use this to exploit keystone is some way.

Log from a bad request:

2016-08-16 23:45:25.192 14345 ERROR keystone.common.wsgi [req-dd271afd-aa0c-4fd2-90f2-6366327e9bba - - - - -] 'utf8' codec can't decode byte 0xc0 in position 12: invalid start byte
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi Traceback (most recent call last):
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 372, in _inner
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi return method(self, request)
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 432, in __call__
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi response = request.get_response(self.application)
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/webob/request.py", line 1299, in send
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi application, catch_exc_info=False)
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/webob/request.py", line 1263, in call_application
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi app_iter = application(self.environ, start_response)
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 130, in __call__
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi resp = self.call_func(req, *args, **self.kwargs)
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 195, in call_func
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi return self.func(req, *args, **kwargs)
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 687, in __call__
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi if request.path_info != '/':
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/webob/descriptors.py", line 68, in fget
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi return req.encget(key, encattr=encattr)
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/webob/request.py", line 177, in encget
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi return val.decode(encoding)
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi File "/usr/lib/python2.7/encodings/utf_8.py", line 16, in decode
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi return codecs.utf_8_decode(input, errors, True)
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi UnicodeDecodeError: 'utf8' codec can't decode byte 0xc0 in position 12: invalid start byte
2016-08-16 23:45:25.192 14345 TRACE keystone.common.wsgi