diff options
| author |   Michael Mair-Keimberger (asterix) <m.mairkeimberger@gmail.com> | 2017-02-07 17:43:13 +0100 |
|---|---|---|
| committer |   David Seifert <soap@gentoo.org> | 2017-02-09 23:37:08 +0100 |
| commit | b70b15b4f896770a085d72382bd702c0524254a4 (patch) | |
| tree | b126d0c36dcd5028a2e5cbf4856c813f1c11d97a | |
| parent | sys-auth/nss-pam-ldapd: remove unused files (diff) | |
| download | gentoo-b70b15b4f896770a085d72382bd702c0524254a4.tar.gz gentoo-b70b15b4f896770a085d72382bd702c0524254a4.tar.bz2 gentoo-b70b15b4f896770a085d72382bd702c0524254a4.zip | |
sys-cluster/heat: remove unused patch
Closes: https://github.com/gentoo/gentoo/pull/3870
| -rw-r--r-- | sys-cluster/heat/files/CVE-2016-9185.patch | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/sys-cluster/heat/files/CVE-2016-9185.patch b/sys-cluster/heat/files/CVE-2016-9185.patch deleted file mode 100644 index 7b6bd86b818a..000000000000 --- a/sys-cluster/heat/files/CVE-2016-9185.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 02dfb1a64f8a545a6dfed15245ac54c8ea835b81 Mon Sep 17 00:00:00 2001 -From: Daniel Gonzalez <daniel@gonzalez-nothnagel.de> -Date: Mon, 17 Oct 2016 10:22:42 +0200 -Subject: Prevent template validate from scanning ports - -The template validation method in the heat API allows to specify the -template to validate using a URL with the 'template_url' parameter. - -By entering invalid http URLs, like 'http://localhost:22' it is -possible to scan ports by evaluating the error message of the request. - -For example, the request - -curl -H "Content-Type: application/json" -H "X-Auth-Token: <TOKEN>" \ --X POST -d '{"template_url": "http://localhost:22"}' \ -http://127.0.0.1:8004/v1/<TENANT_ID>/validate - -causes the following error message to be returned to the user: - -"Could not retrieve template: Failed to retrieve template: -('Connection aborted.', -BadStatusLine('SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\\r\\n',))" - -This could be misused by tenants to gain knowledge about the internal -network the heat API runs in. - -To prevent this information leak, this patch alters the error message -to not include such details when the url scheme is not 'file'. - -SecurityImpact - -Closes-Bug: #1606500 - -Change-Id: Id1f86f41c1e6c028d889eca7ccbb9cde67631950 -(cherry picked from commit eab9a33ce760c55695a5beb2e541487588b08c98) ---- - heat/common/urlfetch.py | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/heat/common/urlfetch.py b/heat/common/urlfetch.py -index 7efd968..8a7deae 100644 ---- a/heat/common/urlfetch.py -+++ b/heat/common/urlfetch.py -@@ -75,4 +75,5 @@ def get(url, allowed_schemes=('http', 'https')): - return result - - except exceptions.RequestException as ex: -- raise URLFetchError(_('Failed to retrieve template: %s') % ex) -+ LOG.info(_LI('Failed to retrieve template: %s') % ex) -+ raise URLFetchError(_('Failed to retrieve template from %s') % url) --- -cgit v0.12 - |