[ https://issues.apache.org/jira/browse/CLOUDSTACK-9593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15656511#comment-15656511 ]
ASF GitHub Bot commented on CLOUDSTACK-9593: -------------------------------------------- GitHub user marcaurele opened a pull request: https://github.com/apache/cloudstack/pull/1760 CLOUDSTACK-9593: userdata: enforce data is a multiple of 4 characters Python base64 requires that the string is a multiple of 4 characters but the Apache codec does not. RFC says is not mandatory but the data should not fail the VR script (vmdata.py). Signed-off-by: Marc-Aurèle Brothier <m...@brothier.org> You can merge this pull request into a Git repository by running: $ git pull https://github.com/exoscale/cloudstack fix/CLOUDSTACK-9593 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cloudstack/pull/1760.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1760 ---- commit 9575195c01ddd8079f3fdacf5712071db14d5207 Author: Marc-Aurèle Brothier <m...@brothier.org> Date: 2016-11-11T07:53:41Z userdata: enforce data is a multiple of 4 characters Python base64 requires that the string is a multiple of 4 characters but the Apache codec does not. RFC says is not mandatory but the data should not fail the VR script (vmdata.py). Signed-off-by: Marc-Aurèle Brothier <m...@brothier.org> ---- > User data check is inconsistent with python > ------------------------------------------- > > Key: CLOUDSTACK-9593 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9593 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Affects Versions: 4.4.2, 4.4.3, 4.3.2, 4.5.1, 4.4.4, 4.5.2, 4.6.0, 4.6.1, > 4.6.2, 4.7.0, 4.7.1, 4.8.0, 4.9.0 > Reporter: Marc-Aurèle Brothier > Assignee: Marc-Aurèle Brothier > > The user data is validated through the Apache commons codec library, but this > library does not check that the length is a multiple of 4 characters. The RFC > does not require it either. But the python script in the virtual router that > loads the user data does check for the possible padding presence, requiring > the string to be a multiple of 4 characters. > {code:python} > >>> import base64 > >>> base64.b64decode('foo') > Traceback (most recent call last): > File "<stdin>", line 1, in <module> > File > "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/base64.py", > line 78, in b64decode > raise TypeError(msg) > TypeError: Incorrect padding > >>> base64.b64decode('foo=') > '~\x8a' > {code} > Currently since the java check is less restrictive, the user data gets saved > into the database but the VR script crashes when it receives this VM user > data. On a single VM it is not really a problem. The critical issue is when a > VR is restarted. The invalid pythonic base64 string makes the vmdata.py > script crashed, resulting in a VR not starting at all. -- This message was sent by Atlassian JIRA (v6.3.4#6332)