Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Request parameter validation #5

Open
harlowja opened this Issue · 0 comments

1 participant

@harlowja
Owner

It seems like the incoming request parameters for EC2 are just blindly converted to python objects without actually performing any type of validation on them. This seems like it is a security hole and/or DOS attack (buffer sizes...) waiting to happen.

See: https://github.com/openstack/nova/blob/stable/essex/nova/api/ec2/ec2utils.py and https://github.com/openstack/nova/blob/stable/essex/nova/api/ec2/apirequest.py which are a big part of this.

It seems like there is some basic level of support but I don't believe it is enough:

See: https://github.com/openstack/nova/blob/stable/essex/nova/api/ec2/__init__.py#L527

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.