URLs downloaded with cURL should be stripped of newlines
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Landscape Charm |
Fix Released
|
Critical
|
David Britton |
Bug Description
Following on from the recent fix in cURL to address CVE-2014-8150, cURL rejects URLs with newline characters in them.
The landscape charm is currently failing with a hook error because by virtue of the include-file:// directives newline character is at the end of the license-file config value.
2015-01-15 17:32:22 INFO juju-log Fetching License: http://
2015-01-15 17:32:22 INFO config-changed Traceback (most recent call last):
2015-01-15 17:32:22 INFO config-changed File "/var/lib/
2015-01-15 17:32:22 INFO config-changed hooks[hook]()
2015-01-15 17:32:22 INFO config-changed File "/var/lib/
2015-01-15 17:32:22 INFO config-changed _install_license()
2015-01-15 17:32:22 INFO config-changed File "/var/lib/
2015-01-15 17:32:22 INFO config-changed license_file = _download_
2015-01-15 17:32:22 INFO config-changed File "/var/lib/
2015-01-15 17:32:22 INFO config-changed curl.perform()
2015-01-15 17:32:22 INFO config-changed pycurl.error: (3, 'Illegal characters found in URL')
Related branches
- Andreas Hasenack: Approve
- Adam Collard (community): Approve
-
Diff: 82 lines (+34/-5)2 files modifiedhooks/hooks.py (+4/-2)
hooks/test_hooks.py (+30/-3)
CVE References
Changed in landscape-charm: | |
assignee: | nobody → David Britton (davidpbritton) |
Changed in landscape-charm: | |
status: | New → Fix Committed |
trusty:r163
precise:r164