[
https://issues.apache.org/jira/browse/CLOUDSTACK-9141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15052798#comment-15052798
]
ASF GitHub Bot commented on CLOUDSTACK-9141:
--------------------------------------------
GitHub user wido opened a pull request:
https://github.com/apache/cloudstack/pull/1220
CLOUDSTACK-9141: Validate userdata for valid base64
This prevents the userdata from going through the stack completely
and finding out very late in the process that it is invalid data.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/wido/cloudstack CLOUDSTACK-9141
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cloudstack/pull/1220.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1220
----
commit d6b37001607d9b5f8514e48350ee3fee62328b90
Author: Wido den Hollander <w...@widodh.nl>
Date: 2015-12-11T13:25:24Z
CLOUDSTACK-9141: Validate userdata for valid base64
This prevents the userdata from going through the stack completely
and finding out very late in the process that it is invalid data.
----
> Userdata is not validated for valid base64
> ------------------------------------------
>
> Key: CLOUDSTACK-9141
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9141
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: API
> Affects Versions: 4.6.0, 4.7.0
> Reporter: Wido den Hollander
>
> Currently the userdata passed to "deployvirtualmachine" is not verified if it
> is valid base64.
> It is passed all the way down the the VR without validating if it is correct
> base64.
> We simple check if it is valid should be done in the management server before
> attempting a deployment.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
