Fixed format string vulnerability in reddwarf call to OpenstackException handler

Exception messages from the mysql extension which may contain user input are now properly escaped. This fixes any chance of a format string vulnerability. Fixed bug: 1177936 Change-Id: I7762f605f08a7e7b5f884ee4062aa16e4048f928
2013-05-23 02:46:37 -07:00 · 2013-05-23 02:46:37 -07:00 · 4384a2ca7f
commit 4384a2ca7f
parent 76f705fa36
1 changed files with 5 additions and 1 deletions
--- a/reddwarf/extensions/mysql/common.py
+++ b/reddwarf/extensions/mysql/common.py
@ -32,7 +32,11 @@ def populate_databases(dbs):
            databases.append(mydb.serialize())
        return databases
    except ValueError as ve:
-        raise exception.BadRequest(str(ve))
+        # str(ve) contains user input and may include '%' which can cause a
+        # format str vulnerability. Escape the '%' to avoid this. This is
+        # okay to do since we're not using dict args here in any case.
+        safe_string = str(ve).replace('%', '%%')
+        raise exception.BadRequest(safe_string)


 def populate_users(users):