[ https://issues.apache.org/jira/browse/CLOUDSTACK-9593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16305265#comment-16305265 ]
ASF subversion and git services commented on CLOUDSTACK-9593: ------------------------------------------------------------- Commit a26a5023458b8b95779409fb231ad12badacc8a8 in cloudstack's branch refs/heads/master from [~marcaurele] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=a26a502 ] CLOUDSTACK-9593: userdata: enforce data is a multiple of 4 characters (#1760) Python base64 requires that the string is a multiple of 4 characters but the Apache codec does not. RFC states is not mandatory so the data should not fail the VR script (vmdata.py). Signed-off-by: Marc-Aurèle Brothier <m...@brothier.org> Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com> > User data check is inconsistent with python > ------------------------------------------- > > Key: CLOUDSTACK-9593 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9593 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Affects Versions: 4.4.2, 4.4.3, 4.3.2, 4.5.1, 4.4.4, 4.5.2, 4.6.0, 4.6.1, > 4.6.2, 4.7.0, 4.7.1, 4.8.0, 4.9.0 > Reporter: Marc-Aurèle Brothier > Assignee: Marc-Aurèle Brothier > > The user data is validated through the Apache commons codec library, but this > library does not check that the length is a multiple of 4 characters. The RFC > does not require it either. But the python script in the virtual router that > loads the user data does check for the possible padding presence, requiring > the string to be a multiple of 4 characters. > {code:python} > >>> import base64 > >>> base64.b64decode('foo') > Traceback (most recent call last): > File "<stdin>", line 1, in <module> > File > "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/base64.py", > line 78, in b64decode > raise TypeError(msg) > TypeError: Incorrect padding > >>> base64.b64decode('foo=') > '~\x8a' > {code} > Currently since the java check is less restrictive, the user data gets saved > into the database but the VR script crashes when it receives this VM user > data. On a single VM it is not really a problem. The critical issue is when a > VR is restarted. The invalid pythonic base64 string makes the vmdata.py > script crashed, resulting in a VR not starting at all. -- This message was sent by Atlassian JIRA (v6.4.14#64029)