~ubuntu-branches/ubuntu/saucy/nova/saucy-proposed

« back to all changes in this revision

Viewing changes to nova/api/openstack/wsgi.py

Committer: Package Import Robot
Author(s): Jamie Strandboge
Date: 2012-01-05 08:58:46 UTC
Revision ID: package-import@ubuntu.com-20120105085846-gtvbb26sr3r3v2mu

Tags: 2012.1~e2-0ubuntu4

https://launchpad.net/bugs/904072

* SECURITY UPDATE: fix tenant bypass by authenticated users via OpenStack
API (LP: #904072)
- CVE-2012-XXXX

files added:
.pc/security-fix-tenant-bypass.patch

.pc/security-fix-tenant-bypass.patch/nova

.pc/security-fix-tenant-bypass.patch/nova/api

.pc/security-fix-tenant-bypass.patch/nova/api/openstack

.pc/security-fix-tenant-bypass.patch/nova/api/openstack/wsgi.py

.pc/security-fix-tenant-bypass.patch/nova/tests

.pc/security-fix-tenant-bypass.patch/nova/tests/api

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_createserverext.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_extendedstatus.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_flavors_extra_specs.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_floating_ips.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_keypairs.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_multinic_xs.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_quotas.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_rescue.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_security_groups.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_simple_tenant_usage.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_snapshots.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_virtual_interfaces.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_volume_types.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_volume_types_extra_specs.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/contrib/test_vsa.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/test_extensions.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/test_image_metadata.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/test_servers.py

.pc/security-fix-tenant-bypass.patch/nova/tests/api/openstack/v2/test_urlmap.py

debian/patches/security-fix-tenant-bypass.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

nova/api/openstack/wsgi.py

nova/tests/api/openstack/v2/contrib/test_createserverext.py

nova/tests/api/openstack/v2/contrib/test_extendedstatus.py

nova/tests/api/openstack/v2/contrib/test_flavors_extra_specs.py

nova/tests/api/openstack/v2/contrib/test_floating_ips.py

nova/tests/api/openstack/v2/contrib/test_keypairs.py

nova/tests/api/openstack/v2/contrib/test_multinic_xs.py

nova/tests/api/openstack/v2/contrib/test_quotas.py

nova/tests/api/openstack/v2/contrib/test_rescue.py

nova/tests/api/openstack/v2/contrib/test_security_groups.py

nova/tests/api/openstack/v2/contrib/test_simple_tenant_usage.py

nova/tests/api/openstack/v2/contrib/test_snapshots.py

nova/tests/api/openstack/v2/contrib/test_virtual_interfaces.py

nova/tests/api/openstack/v2/contrib/test_volume_types.py

nova/tests/api/openstack/v2/contrib/test_volume_types_extra_specs.py

nova/tests/api/openstack/v2/contrib/test_vsa.py

nova/tests/api/openstack/v2/test_extensions.py

nova/tests/api/openstack/v2/test_image_metadata.py

nova/tests/api/openstack/v2/test_servers.py

nova/tests/api/openstack/v2/test_urlmap.py

Show diffs side-by-side

added added

removed removed

nova/api/openstack/wsgi.py

560

return Fault(webob.exc.HTTPBadRequest(explanation=msg))

561

562

project_id = args.pop("project_id", None)

563

if 'nova.context' in request.environ and project_id:

564

request.environ['nova.context'].project_id = project_id

563

if ('nova.context' in request.environ and project_id

564

and project_id != request.environ['nova.context'].project_id):

565

msg = _("Malformed request url")

566

return Fault(webob.exc.HTTPBadRequest(explanation=msg))

565

567

566

568

try:

567

569

action_result = self.dispatch(request, action, args)

Older »