Issue #7066: Denial of Service in pulp-content when CONTENT_PATH_PREFIX is followed by a `/` - Pulp

Actions

Send by e-mail Copy link

Issue #7066

closed

Denial of Service in pulp-content when CONTENT_PATH_PREFIX is followed by a `/`

Added by SimonPe over 4 years ago. Updated over 4 years ago.

Status:

CLOSED - CURRENTRELEASE

Priority:

Normal

Assignee:

SimonPe

Category:

Sprint/Milestone:

3.6.0

Start date:

Due date:

Estimated time:

Severity:

3. High

Version:

Platform Release:

OS:

Triaged:

Yes

Groomed:

Sprint Candidate:

Tags:

Sprint:

Sprint 77

Quarter:

Description

when sending a request to ${CONTENT_PATH_PREFIX}/ (whatever CONTENT_PATH_PREFIX is set to, plus one extra slash) pulp-content enters an infinite loop. because:

>>> os.path.split('/path')
('/', 'path')
>>> os.path.split('/')
('/', '')

and hence the while loop in https://github.com/pulp/pulpcore/blob/master/pulpcore/content/handler.py#L152-L158 never reaches the exit condition of base being empty (it stays /)

Actions

Send by e-mail Copy link

Also available in: Atom PDF

Project

Profile

Help

Pulp

Agile boards

Custom queries

Issue #7066

Denial of Service in pulp-content when CONTENT_PATH_PREFIX is followed by a `/`

Updated by SimonPe over 4 years ago

Updated by daviddavis over 4 years ago

Updated by fao89 over 4 years ago

Updated by daviddavis over 4 years ago

Updated by rchan over 4 years ago

Added by SimonPe over 4 years ago

Updated by SimonPe over 4 years ago

Added by SimonPe over 4 years ago

Updated by dkliban@redhat.com over 4 years ago

Updated by pulpbot over 4 years ago