From 4384a2ca7f6379edeab03e22dee29e8ebf62f299 Mon Sep 17 00:00:00 2001
From: Nikhil Manchanda
Date: Thu, 23 May 2013 02:46:37 -0700
Subject: [PATCH] Fixed format string vulnerability in reddwarf call to OpenstackException handler
Exception messages from the mysql extension which may contain user input are now properly escaped. This fixes any chance of a format string vulnerability.
Fixed bug: 1177936
Change-Id: I7762f605f08a7e7b5f884ee4062aa16e4048f928
---
 reddwarf/extensions/mysql/common.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/reddwarf/extensions/mysql/common.py b/reddwarf/extensions/mysql/common.py
index b4059ffec3..e3b2811be2 100644
--- a/reddwarf/extensions/mysql/common.py
+++ b/reddwarf/extensions/mysql/common.py
@@ -32,7 +32,11 @@ def populate_databases(dbs):
 databases.append(mydb.serialize())
 return databases
 except ValueError as ve:
- raise exception.BadRequest(str(ve))
+ # str(ve) contains user input and may include '%' which can cause a
+ # format str vulnerability. Escape the '%' to avoid this. This is
+ # okay to do since we're not using dict args here in any case.
+ safe_string = str(ve).replace('%', '%%')
+ raise exception.BadRequest(safe_string)
 def populate_users(users):
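Review bot: The escape is applied at this one call site only, so any other place that hands a user-derived string to an `exception.*` constructor stays exposed. `populate_users`, whose definition starts on the hunk's last line, presumably has a parallel `except ValueError` path and needs the same treatment; the more robust fix is to do the `%` handling once in the exception base class (which, judging by the new comment, `%`-formats its message), formatting only when keyword arguments are actually supplied. Doubling `%` here also means a literal `%%` reaches the user if that base class ever stops formatting, which is a further reason to fix it centrally rather than per caller. I would add a regression test that passes a database name containing `%s` through `populate_databases` and asserts `exception.BadRequest` is raised with the name intact rather than a formatting error. `populate_databases` begins before the hunk, so the `try` this `except` belongs to is not visible here.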