author | Zuul <zuul@review.opendev.org> | 2021-09-09 09:34:29 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2021-09-09 09:34:29 +0000 |
commit | 7b34c755958b0dfec148c0261b275115983a23ca (patch) | |
tree | 3e0677e7f14714619bcb0ab28b371c820e4d5001 | |
parent | dfbb9bcb5dae282c575b33171d691a5fca946beb (diff) | |
parent | 110fed07cb83deb3abd85073cb351066713b6384 (diff) | |
download | neutron-7b34c755958b0dfec148c0261b275115983a23ca.tar.gz |
Merge "Remove dhcp_extra_opt value after first newline character" into stable/queens
-rw-r--r-- | neutron/agent/linux/dhcp.py | 7 | ||||
-rw-r--r-- | neutron/tests/unit/agent/linux/test_dhcp.py | 7 | ||||
-rw-r--r-- | releasenotes/notes/fix-newline-chars-in-dhcp-extra-options-bf86d30371556d63.yaml | 6 |
3 files changed, 16 insertions, 4 deletions
diff --git a/neutron/agent/linux/dhcp.py b/neutron/agent/linux/dhcp.py
index 3114f436b0..67e5cfa045 100644
--- a/neutron/agent/linux/dhcp.py
+++ b/neutron/agent/linux/dhcp.py
@@ -1153,10 +1153,11 @@ class Dnsmasq(DhcpLocalProcess):
 else:
 option = 'option6:%s' % option
 if extra_tag:
- tags = ('tag:' + tag, extra_tag[:-1], '%s' % option)
+ tags = ['tag:' + tag, extra_tag[:-1], '%s' % option]
 else:
- tags = ('tag:' + tag, '%s' % option)
- return ','.join(tags + args)
+ tags = ['tag:' + tag, '%s' % option]
+
+ return ','.join(tags + [v.split("\n", 1)[0] for v in args])
 @staticmethod
 def _convert_to_literal_addrs(ip_version, ips):
diff --git a/neutron/tests/unit/agent/linux/test_dhcp.py b/neutron/tests/unit/agent/linux/test_dhcp.py
index c819782da3..0229bb8c47 100644
--- a/neutron/tests/unit/agent/linux/test_dhcp.py
+++ b/neutron/tests/unit/agent/linux/test_dhcp.py
@@ -225,6 +225,9 @@ class FakeV6PortExtraOpt(object):
 self.extra_dhcp_opts = [
 DhcpOpt(opt_name='dns-server',
 opt_value='ffea:3ba5:a17a:4ba3::100',
+ ip_version=6),
+ DhcpOpt(opt_name='malicious-option',
+ opt_value='aaa\nbbb.ccc\n',
 ip_version=6)]
@@ -2700,7 +2703,9 @@ class TestDnsmasq(TestBase):
 exp_opt_data = ('tag:subnet-eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee,'
 'option6:domain-search,openstacklocal\n'
 'tag:port-hhhhhhhh-hhhh-hhhh-hhhh-hhhhhhhhhhhh,'
- 'option6:dns-server,ffea:3ba5:a17a:4ba3::100').lstrip()
+ 'option6:dns-server,ffea:3ba5:a17a:4ba3::100\n'
+ 'tag:port-hhhhhhhh-hhhh-hhhh-hhhh-hhhhhhhhhhhh,'
+ 'option6:malicious-option,aaa').lstrip()
 dm = self._get_dnsmasq(FakeV6NetworkStatelessDHCP())
 dm._output_hosts_file()
 dm._output_opts_file()
diff --git a/releasenotes/notes/fix-newline-chars-in-dhcp-extra-options-bf86d30371556d63.yaml b/releasenotes/notes/fix-newline-chars-in-dhcp-extra-options-bf86d30371556d63.yaml
new file mode 100644
index 0000000000..d2a8c2f68b
--- /dev/null
+++ b/releasenotes/notes/fix-newline-chars-in-dhcp-extra-options-bf86d30371556d63.yaml
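Review bot: The new return line in the `@@ -1153,10 +1153,11 @@` hunk of dhcp.py cuts each value at the first `\n` silently, so an attempt to place a second line into the dnsmasq options file leaves no trace on the agent side. A comment above the return would record why the split exists, e.g. `# opts file is line-oriented; keep only the text before the first newline (bug 1939733)`, and a warning log when `"\n" in v` would give operators something to alert on. Only the values in `args` are cut; `tag` and `option` are joined as they arrive, and whether they are constrained earlier is not visible because the function starts above this hunk. Rejecting such values when the port is created or updated would be the stronger control, with this truncation kept as defence in depth.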
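Review bot: The fixture entry added in the `@@ -225,6 +225,9 @@` hunk of test_dhcp.py only covers a value that has text before its first newline (`'aaa\nbbb.ccc\n'`), so the case where the value begins with `\n` and is cut down to an empty string is not pinned. With the new return line that input would presumably produce an options line ending in a bare comma, and nothing here states whether that output is acceptable to dnsmasq. A second entry such as `DhcpOpt(opt_name='empty-after-cut', opt_value='\nbbb', ip_version=6)` (constructed example) with a matching expected line in the `@@ -2700,7 +2703,9 @@` hunk would cover it. Only the IPv6 fixture is extended, so the IPv4 path runs through the same code without a direct assertion.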
@@ -0,0 +1,6 @@
+---
+security:
+ - |
+ Fix `bug 1939733 <https://bugs.launchpad.net/neutron/+bug/1939733>`_ by
+ dropping from the dhcp extra option values everything what is after first
+ newline (``\n``) character before passing them to the dnsmasq. |