Skip malformed cookies

Skip malformed cookies when parsing Cookie header in websocketproxy.py. Change-Id: I4091bd641ca3911666da328488c337835405400f Closes-Bug: #1496932
2016-07-22 18:37:48 +03:00 · 2016-07-22 18:37:48 +03:00 · 6b3b7296b9
commit 6b3b7296b9
parent c7bf2baa26
2 changed files with 40 additions and 3 deletions
--- a/nova/console/websocketproxy.py
+++ b/nova/console/websocketproxy.py
@ -31,6 +31,7 @@ from nova.consoleauth import rpcapi as consoleauth_rpcapi
 from nova import context
 from nova import exception
 from nova.i18n import _
+from nova.i18n import _LW

 LOG = logging.getLogger(__name__)

@ -88,9 +89,17 @@ class NovaProxyRequestHandlerBase(object):
            hcookie = self.headers.getheader('cookie')
            if hcookie:
                cookie = Cookie.SimpleCookie()
-                cookie.load(hcookie)
-                if 'token' in cookie:
-                    token = cookie['token'].value
+                for hcookie_part in hcookie.split(';'):
+                    hcookie_part = hcookie_part.lstrip()
+                    try:
+                        cookie.load(hcookie_part)
+                    except Cookie.CookieError:
+                        # NOTE(stgleb): Do not print out cookie content
+                        # for security reasons.
+                        LOG.warning(_LW('Found malformed cookie'))
+                    else:
+                        if 'token' in cookie:
+                            token = cookie['token'].value

        ctxt = context.get_admin_context()
        rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
--- a/nova/tests/unit/console/test_websocketproxy.py
+++ b/nova/tests/unit/console/test_websocketproxy.py
@ -115,6 +115,16 @@ class NovaProxyRequestHandlerBaseTestCase(test.NoDBTestCase):
        else:
            return

+    def _fake_getheader_malformed_cookie(self, header):
+        if header == 'cookie':
+            return '?=!; token="123-456-789"'
+        elif header == 'Origin':
+            return 'https://example.net:6080'
+        elif header == 'Host':
+            return 'example.net:6080'
+        else:
+            return
+
    @mock.patch('nova.consoleauth.rpcapi.ConsoleAuthAPI.check_token')
    def test_new_websocket_client(self, check_token):
        check_token.return_value = {
@ -370,3 +380,21 @@ class NovaProxyRequestHandlerBaseTestCase(test.NoDBTestCase):

        self.assertRaises(exception.ValidationError,
                          self.wh.new_websocket_client)
+
+    @mock.patch('nova.consoleauth.rpcapi.ConsoleAuthAPI.check_token')
+    def test_malformed_cookie(self, check_token):
+        check_token.return_value = {
+            'host': 'node1',
+            'port': '10000',
+            'console_type': 'novnc',
+            'access_url': 'https://example.net:6080'
+        }
+        self.wh.socket.return_value = '<socket>'
+        self.wh.path = "http://127.0.0.1/"
+        self.wh.headers.getheader = self._fake_getheader_malformed_cookie
+
+        self.wh.new_websocket_client()
+
+        check_token.assert_called_with(mock.ANY, token="123-456-789")
+        self.wh.socket.assert_called_with('node1', 10000, connect=True)
+        self.wh.do_proxy.assert_called_with('<socket>')