]> review.fuel-infra Code Review - openstack-build/cinder-build.git/commit
Code Review / openstack-build / cinder-build.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 5f28be5) | patch
Fixes SSH injection threat in 3PAR driver
authorKurt Martin <kurt.f.martin@hp.com>
Fri, 16 Aug 2013 15:48:03 +0000 (08:48 -0700)
committerKurt Martin <kurt.f.martin@hp.com>
Fri, 16 Aug 2013 15:57:30 +0000 (08:57 -0700)
commit0ab8c56a456082a8f25fe879a68b032111558536
tree5db05be27706eb3096ba20ec364718e10b261e35tree | snapshot
parent5f28be5cc60ec92cee2733a7f91659a4d2830292commit | diff
Fixes SSH injection threat in 3PAR driver

The setqos ssh command was not built up correctly when the following
patch https://review.openstack.org/#/c/37697/ landed for cleaning up
the SSH calls from injection attacks in the 3PAR driver.

The command was in the following format causing the injection threat
due to the spaces in the second item in the list:
['setqos', '-io 5000 -bw 500M vvset:vvs-JOHB2Oj0QJ2UaWatwbe7Bg']
When it should actually be in the following format:
['setqos', '-io', '5000', '-bw', '500M', 'vvset:vvs-JOHB2Oj0QJ2UaWatwbe7Bg']

This patch fixes an append vs. extend that was introduced in patch
https://review.openstack.org/#/c/42241

Also fixes: bug 1212884

Change-Id: I28f84acd02397ee0d433a666375737145904d67e
cinder/volume/drivers/san/hp/hp_3par_common.py diff | blob | history