From 4b6818dc62669d0ca62779ae71e64fcfacbf9850 Mon Sep 17 00:00:00 2001
From: Niall Bunting
Date: Mon, 27 Jun 2016 16:57:55 +0000
Subject: [PATCH] Check that size is a number

Size could potentially be something thats not a number possibly causing a shell injection.

Change-Id: Id3766366a8a703b684af5a9ade36334d0abd6039
Closes-Bug: 1590780
---
 glance_store/_drivers/sheepdog.py | 3 +++
 glance_store/tests/unit/test_sheepdog_store.py | 12 ++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/glance_store/_drivers/sheepdog.py b/glance_store/_drivers/sheepdog.py
index 95da4033..7f0512d1 100644
--- a/glance_store/_drivers/sheepdog.py
+++ b/glance_store/_drivers/sheepdog.py
@@ -18,6 +18,7 @@
 import hashlib
 import logging
+import six
 from oslo_concurrency import processutils
 from oslo_config import cfg
@@ -109,6 +110,8 @@ class SheepdogImage(object):
 Sheepdog Usage: collie vdi create -a address -p port image size
 """
+ if not isinstance(size, (six.integer_types, float)):
+ raise exceptions.Forbidden("Size is not a number")
 self._run_command("create", None, str(size))
 def resize(self, size):
diff --git a/glance_store/tests/unit/test_sheepdog_store.py b/glance_store/tests/unit/test_sheepdog_store.py
index 59f7b6fb..29e90217 100644
--- a/glance_store/tests/unit/test_sheepdog_store.py
+++ b/glance_store/tests/unit/test_sheepdog_store.py
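Review bot: The type check added to `create` leaves the neighbouring `resize(self, size)` unguarded as far as this hunk shows; its body is outside the hunk, so if it also forwards `str(size)` to `_run_command` it needs the same test. The check also accepts `bool` (a subclass of `int`) and negative or non-finite floats, whose string forms such as `True`, `-1` or `inf` are not sizes, and a leading `-` may be parsed as an option by the command-line tool; adding `if isinstance(size, bool) or not 0 <= size < float("inf"): raise exceptions.Forbidden("Size is not a number")` would reject them. Because the commit message names shell injection as the risk, the more durable fix belongs in `_run_command` (not shown here): hand the arguments over as a list and run without a shell, so that no argument is ever interpreted by one.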
@@ -104,6 +104,18 @@ class TestSheepdogStore(base.StoreBaseTest,
 mock_create.assert_called_once_with(2)
 mock_write.assert_called_once_with(b'xx', 0, 2)
+ @mock.patch.object(sheepdog.SheepdogImage, 'write')
+ @mock.patch.object(sheepdog.SheepdogImage, 'exist')
+ def test_add_bad_size_with_image(self, mock_exist, mock_write):
+ data = six.BytesIO(b'xx')
+ mock_exist.return_value = False
+
+ self.assertRaises(exceptions.Forbidden, self.store.add,
+ 'fake_image_id', data, 'test')
+
+ mock_exist.assert_called_once_with()
+ self.assertEqual(mock_write.call_count, 0)
+
 @mock.patch.object(sheepdog.SheepdogImage, 'delete')
 @mock.patch.object(sheepdog.SheepdogImage, 'write')
 @mock.patch.object(sheepdog.SheepdogImage, 'create')
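Review bot: The new test never asserts that no command was run, which is the property this fix is meant to guarantee; it patches only `write` and `exist` and checks the exception type raised by `store.add`. Adding `@mock.patch.object(sheepdog.SheepdogImage, '_run_command')` and `self.assertEqual(mock_run.call_count, 0)` would pin that, and would keep a regression of the check from reaching the real command runner on the test host. Only a `str` size is exercised; one more case with a value such as `None` or `b'2'` would document that only real numbers are accepted. The enclosing test class starts outside the hunk.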