Project

Profile

Help

Issue #7066

Denial of Service in pulp-content when CONTENT_PATH_PREFIX is followed by a `/`

Added by SimonPe 2 days ago. Updated about 6 hours ago.

Status:
NEW
Priority:
Normal
Assignee:
-
Category:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:

Description

when sending a request to ${CONTENT_PATH_PREFIX}/ (whatever CONTENT_PATH_PREFIX is set to, plus one extra slash) pulp-content enters an infinite loop. because:

>>> os.path.split('/path')
('/', 'path')
>>> os.path.split('/')
('/', '')

and hence the while loop in https://github.com/pulp/pulpcore/blob/master/pulpcore/content/handler.py#L152-L158 never reaches the exit condition of base being empty (it stays /)

History

#2 Updated by daviddavis about 6 hours ago

I was able to reproduce this:

$ http :/pulp/content//

The content app hung for a while and then I saw this in the logs:

Jul 02 19:48:20 pulp3-source-fedora.crake.example.com gunicorn[28299]: [2020-07-02 19:48:20 +0000] [28299] [CRITICAL] WORKER TIMEOUT (pid:28312)
Jul 02 19:48:21 pulp3-source-fedora.crake.example.com gunicorn[28299]: [2020-07-02 19:48:21 +0000] [28337] [INFO] Booting worker with pid: 28337

Please register to edit this issue

Also available in: Atom PDF