| 2021-08-31 08:10:59 |
Slawek Kaplonski |
bug |
|
|
added bug |
| 2021-08-31 13:15:48 |
Jeremy Stanley |
description |
Authorized cloud user may do API requests to neutron to not existing endpoints, like e.g.:
curl -g -i -X GET http://10.120.0.30:9696/v2.0/blabla -H "Accept: application/json" -H "User-Agent: openstacksdk/0.59.0 keystoneauth1/4.3.1 python-requests/2.26.0 CPython/3.6.8" -H "X-Auth-Token: $token"
and each such request will increase memory consumption of the neutron-api worker process.
What I did was:
* start neutron server with just one api worker (easier to calculate memory consumption but it would be the same leak in case of more workers too). Memory consumption was:
sudo pmap 212436 | tail -n 1
total 183736K
* now run command like:
$ i=1; while [ $i -lt 2000 ]; do echo "Request $i"; curl -g -i -X GET http://10.120.0.30:9696/v2.0/blabla -H "Accept: application/json" -H "User-Agent: openstacksdk/0.59.0 keystoneauth1/4.3.1 python-requests/2.26.0 CPython/3.6.8" -H "X-Auth-Token: $token" 2>1 >/dev/null; i=$(( i+1 )); sleep 0.01; done
* check memory consumption of the same api worker now:
sudo pmap 212436 | tail -n 1
total 457896K |
This issue is being treated as a potential security risk under
embargo. Please do not make any public mention of embargoed
(private) security vulnerabilities before their coordinated
publication by the OpenStack Vulnerability Management Team in the
form of an official OpenStack Security Advisory. This includes
discussion of the bug or associated fixes in public forums such as
mailing lists, code review systems and bug trackers. Please also
avoid private disclosure to other individuals not already approved
for access to this information, and provide this same reminder to
those who are made aware of the issue prior to publication. All
discussion should remain confined to this private bug report, and
any proposed fixes should be added to the bug as attachments. This
embargo shall not extend past 2021-11-29 and will be made
public by or on that date even if no fix is identified.
Authorized cloud user may do API requests to neutron to not existing endpoints, like e.g.:
curl -g -i -X GET http://10.120.0.30:9696/v2.0/blabla -H "Accept: application/json" -H "User-Agent: openstacksdk/0.59.0 keystoneauth1/4.3.1 python-requests/2.26.0 CPython/3.6.8" -H "X-Auth-Token: $token"
and each such request will increase memory consumption of the neutron-api worker process.
What I did was:
* start neutron server with just one api worker (easier to calculate memory consumption but it would be the same leak in case of more workers too). Memory consumption was:
sudo pmap 212436 | tail -n 1
total 183736K
* now run command like:
$ i=1; while [ $i -lt 2000 ]; do echo "Request $i"; curl -g -i -X GET http://10.120.0.30:9696/v2.0/blabla -H "Accept: application/json" -H "User-Agent: openstacksdk/0.59.0 keystoneauth1/4.3.1 python-requests/2.26.0 CPython/3.6.8" -H "X-Auth-Token: $token" 2>1 >/dev/null; i=$(( i+1 )); sleep 0.01; done
* check memory consumption of the same api worker now:
sudo pmap 212436 | tail -n 1
total 457896K |
|
| 2021-08-31 13:16:06 |
Jeremy Stanley |
bug task added |
|
ossa |
|
| 2021-08-31 13:16:25 |
Jeremy Stanley |
ossa: status |
New |
Incomplete |
|
| 2021-08-31 13:16:47 |
Jeremy Stanley |
bug |
|
|
added subscriber Neutron Core Security reviewers |
| 2021-09-02 07:45:09 |
Slawek Kaplonski |
attachment added |
|
0001-Don-t-use-singleton-in-routes.middleware.RoutesMiddl.patch https://bugs.launchpad.net/neutron/+bug/1942179/+attachment/5522478/+files/0001-Don-t-use-singleton-in-routes.middleware.RoutesMiddl.patch |
|
| 2021-09-02 07:58:16 |
Rodolfo Alonso |
bug |
|
|
added subscriber Rodolfo Alonso |
| 2021-09-03 13:12:04 |
Jeremy Stanley |
description |
This issue is being treated as a potential security risk under
embargo. Please do not make any public mention of embargoed
(private) security vulnerabilities before their coordinated
publication by the OpenStack Vulnerability Management Team in the
form of an official OpenStack Security Advisory. This includes
discussion of the bug or associated fixes in public forums such as
mailing lists, code review systems and bug trackers. Please also
avoid private disclosure to other individuals not already approved
for access to this information, and provide this same reminder to
those who are made aware of the issue prior to publication. All
discussion should remain confined to this private bug report, and
any proposed fixes should be added to the bug as attachments. This
embargo shall not extend past 2021-11-29 and will be made
public by or on that date even if no fix is identified.
Authorized cloud user may do API requests to neutron to not existing endpoints, like e.g.:
curl -g -i -X GET http://10.120.0.30:9696/v2.0/blabla -H "Accept: application/json" -H "User-Agent: openstacksdk/0.59.0 keystoneauth1/4.3.1 python-requests/2.26.0 CPython/3.6.8" -H "X-Auth-Token: $token"
and each such request will increase memory consumption of the neutron-api worker process.
What I did was:
* start neutron server with just one api worker (easier to calculate memory consumption but it would be the same leak in case of more workers too). Memory consumption was:
sudo pmap 212436 | tail -n 1
total 183736K
* now run command like:
$ i=1; while [ $i -lt 2000 ]; do echo "Request $i"; curl -g -i -X GET http://10.120.0.30:9696/v2.0/blabla -H "Accept: application/json" -H "User-Agent: openstacksdk/0.59.0 keystoneauth1/4.3.1 python-requests/2.26.0 CPython/3.6.8" -H "X-Auth-Token: $token" 2>1 >/dev/null; i=$(( i+1 )); sleep 0.01; done
* check memory consumption of the same api worker now:
sudo pmap 212436 | tail -n 1
total 457896K |
Authorized cloud user may do API requests to neutron to not existing endpoints, like e.g.:
curl -g -i -X GET http://10.120.0.30:9696/v2.0/blabla -H "Accept: application/json" -H "User-Agent: openstacksdk/0.59.0 keystoneauth1/4.3.1 python-requests/2.26.0 CPython/3.6.8" -H "X-Auth-Token: $token"
and each such request will increase memory consumption of the neutron-api worker process.
What I did was:
* start neutron server with just one api worker (easier to calculate memory consumption but it would be the same leak in case of more workers too). Memory consumption was:
sudo pmap 212436 | tail -n 1
total 183736K
* now run command like:
$ i=1; while [ $i -lt 2000 ]; do echo "Request $i"; curl -g -i -X GET http://10.120.0.30:9696/v2.0/blabla -H "Accept: application/json" -H "User-Agent: openstacksdk/0.59.0 keystoneauth1/4.3.1 python-requests/2.26.0 CPython/3.6.8" -H "X-Auth-Token: $token" 2>1 >/dev/null; i=$(( i+1 )); sleep 0.01; done
* check memory consumption of the same api worker now:
sudo pmap 212436 | tail -n 1
total 457896K |
|
| 2021-09-03 13:12:18 |
Jeremy Stanley |
information type |
Private Security |
Public Security |
|
| 2021-09-03 13:12:28 |
Jeremy Stanley |
ossa: status |
Incomplete |
Confirmed |
|
| 2021-09-03 13:12:35 |
Jeremy Stanley |
ossa: importance |
Undecided |
Medium |
|
| 2021-09-03 13:12:43 |
Jeremy Stanley |
ossa: assignee |
|
Jeremy Stanley (fungi) |
|
| 2021-09-03 14:11:07 |
OpenStack Infra |
neutron: status |
New |
In Progress |
|
| 2021-09-07 02:39:10 |
OpenStack Infra |
neutron: status |
In Progress |
Fix Released |
|
| 2021-09-07 14:33:48 |
OpenStack Infra |
tags |
api |
api in-stable-wallaby |
|
| 2021-09-07 14:33:54 |
OpenStack Infra |
tags |
api in-stable-wallaby |
api in-stable-victoria in-stable-wallaby |
|
| 2021-09-07 16:03:17 |
OpenStack Infra |
tags |
api in-stable-victoria in-stable-wallaby |
api in-stable-ussuri in-stable-victoria in-stable-wallaby |
|
| 2021-09-07 18:05:48 |
OpenStack Infra |
tags |
api in-stable-ussuri in-stable-victoria in-stable-wallaby |
api in-stable-rocky in-stable-ussuri in-stable-victoria in-stable-wallaby |
|
| 2021-09-07 19:56:45 |
OpenStack Infra |
tags |
api in-stable-rocky in-stable-ussuri in-stable-victoria in-stable-wallaby |
api in-stable-queens in-stable-rocky in-stable-ussuri in-stable-victoria in-stable-wallaby |
|
| 2021-09-07 21:09:53 |
OpenStack Infra |
tags |
api in-stable-queens in-stable-rocky in-stable-ussuri in-stable-victoria in-stable-wallaby |
api in-stable-queens in-stable-rocky in-stable-train in-stable-ussuri in-stable-victoria in-stable-wallaby |
|
| 2021-09-08 01:11:13 |
OpenStack Infra |
tags |
api in-stable-queens in-stable-rocky in-stable-train in-stable-ussuri in-stable-victoria in-stable-wallaby |
api in-stable-queens in-stable-rocky in-stable-stein in-stable-train in-stable-ussuri in-stable-victoria in-stable-wallaby |
|
| 2021-09-08 12:23:27 |
Dr. Jens Harbott |
bug |
|
|
added subscriber Dr. Jens Harbott |
| 2021-09-08 20:06:19 |
Jeremy Stanley |
summary |
neutron api worker leaks memory when processing requests to not existing controllers |
Routes middleware memory leak for nonexistent controllers (CVE-2021-40797) |
|
| 2021-09-08 20:16:31 |
OpenStack Infra |
ossa: status |
Confirmed |
In Progress |
|
| 2021-09-09 13:48:41 |
OpenStack Infra |
ossa: status |
In Progress |
Fix Released |
|
| 2021-09-09 13:48:47 |
OpenStack Infra |
cve linked |
|
2021-40797 |
|
| 2021-09-09 14:02:39 |
Jeremy Stanley |
summary |
Routes middleware memory leak for nonexistent controllers (CVE-2021-40797) |
[OSSA-2021-006] Routes middleware memory leak for nonexistent controllers (CVE-2021-40797) |
|
| 2021-11-17 15:47:58 |
Bernard Cafarelli |
tags |
api in-stable-queens in-stable-rocky in-stable-stein in-stable-train in-stable-ussuri in-stable-victoria in-stable-wallaby |
api in-stable-queens in-stable-rocky in-stable-stein in-stable-train in-stable-ussuri in-stable-victoria in-stable-wallaby neutron-proactive-backport-potential |
|
| 2021-11-19 16:09:07 |
test |
summary |
[OSSA-2021-006] Routes middleware memory leak for nonexistent controllers (CVE-2021-40797) |
[OSSA-2021-006] Routes middleware memory leak for nonexistent controllers (CVE-2021-40797)dsd |
|
| 2021-11-19 16:09:12 |
test |
summary |
[OSSA-2021-006] Routes middleware memory leak for nonexistent controllers (CVE-2021-40797)dsd |
[OSSA-2021-006] Routes middleware memory leak for nonexistent controllers (CVE-2021-40797) |
|
| 2021-11-19 16:09:21 |
test |
ossa: assignee |
Jeremy Stanley (fungi) |
|
|
| 2021-11-19 16:13:49 |
test |
bug |
|
|
added subscriber test |
| 2021-11-19 16:56:14 |
test |
attachment added |
|
reproduce.zip https://bugs.launchpad.net/neutron/+bug/1942179/+attachment/5542140/+files/reproduce.zip |
|
| 2021-12-10 14:00:26 |
Slawek Kaplonski |
tags |
api in-stable-queens in-stable-rocky in-stable-stein in-stable-train in-stable-ussuri in-stable-victoria in-stable-wallaby neutron-proactive-backport-potential |
api in-stable-queens in-stable-rocky in-stable-stein in-stable-train in-stable-ussuri in-stable-victoria in-stable-wallaby |
|
