Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
4.4.2, 4.4.3, 4.3.2, 4.5.1, 4.4.4, 4.5.2, 4.6.0, 4.6.1, 4.6.2, 4.7.0, 4.7.1, 4.8.0, 4.9.0
-
None
-
None
-
Security Level: Public (Anyone can view this level - this is the default.)
-
None
Description
The user data is validated through the Apache commons codec library, but this library does not check that the length is a multiple of 4 characters. The RFC does not require it either. But the python script in the virtual router that loads the user data does check for the possible padding presence, requiring the string to be a multiple of 4 characters.
>>> import base64 >>> base64.b64decode('foo') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/base64.py", line 78, in b64decode raise TypeError(msg) TypeError: Incorrect padding >>> base64.b64decode('foo=') '~\x8a'
Currently since the java check is less restrictive, the user data gets saved into the database but the VR script crashes when it receives this VM user data. On a single VM it is not really a problem. The critical issue is when a VR is restarted. The invalid pythonic base64 string makes the vmdata.py script crashed, resulting in a VR not starting at all.
