From 9fdc92b57bfb1e92fdb90e9bffc07bd928801630 Mon Sep 17 00:00:00 2001
From: Erno Kuvaja
Date: Thu, 6 Aug 2015 16:29:28 +0000
Subject: [PATCH] Add mechanism to limit Request ID size

Adding 'max_request_id_length' defaulting to 0 for backportability.

DocImpact
SecurityImpact
Closes-Bug: #1482301
Change-Id: Ie68afe7610a414bbcc42ff3bee33a9779303c115
---
 doc/source/configuring.rst | 7 +++++++
 glance/api/middleware/context.py | 11 ++++++++++-
 glance/tests/unit/test_opts.py | 2 ++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/doc/source/configuring.rst b/doc/source/configuring.rst
index 481272a082..9a93f9f291 100644
--- a/doc/source/configuring.rst
+++ b/doc/source/configuring.rst
@@ -192,6 +192,13 @@ will prevent any new processes from being created.
 Optional. Default: The number of CPUs available will be used by default.
+* ``max_request_id_length=LENGTH``
+
+Limits the maximum size of the x-openstack-request-id header which is
+logged. Affects only if context middleware is configured in pipeline.
+
+Optional. Default: ``0`` (Limited by max_header_line default: 16384)
+
 Configuring SSL Support
 ~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/glance/api/middleware/context.py b/glance/api/middleware/context.py
index 77ce4d94e1..b53e4f6e46 100644
--- a/glance/api/middleware/context.py
+++ b/glance/api/middleware/context.py
@@ -38,6 +38,8 @@ context_opts = [
 help=_('Allow unauthenticated users to access the API with '
 'read-only privileges. This only applies when using '
 'ContextMiddleware.')),
+ cfg.IntOpt('max_request_id_length', default=0,
+ help=_('Limits request ID length.')),
 ]
 CONF = cfg.CONF
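Review bot: The help string `'Limits request ID length.'` on the new IntOpt does not say what the value means or what happens when the limit is exceeded; the only explanation (0 disables the check) lives in the rst change of this commit, not in the option an operator sees in the sample config. Suggest `help=_('Maximum length of the X-Openstack-Request-ID header that is accepted; 0 disables the check and longer headers are rejected with 431 Request Header Fields Too Large.')`. Since the comparison in the ContextMiddleware hunk is `0 < CONF.max_request_id_length < len(request_id)`, negative values also behave as "disabled", which the help text could state or a lower bound on the option could prevent.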
@@ -110,6 +112,13 @@ class ContextMiddleware(BaseContextMiddleware):
 raise webob.exc.HTTPInternalServerError(
 _('Invalid service catalog json.'))
+ request_id = req.headers.get('X-Openstack-Request-ID')
+ if request_id and (0 < CONF.max_request_id_length <
+ len(request_id)):
+ msg = (_('x-openstack-request-id is too long, max size %s') %
+ CONF.max_request_id_length)
+ return webob.exc.HTTPRequestHeaderFieldsTooLarge(comment=msg)
+
 kwargs = {
 'user': req.headers.get('X-User-Id'),
 'tenant': req.headers.get('X-Tenant-Id'),
@@ -119,7 +128,7 @@ class ContextMiddleware(BaseContextMiddleware):
 'owner_is_tenant': CONF.owner_is_tenant,
 'service_catalog': service_catalog,
 'policy_enforcer': self.policy_enforcer,
- 'request_id': req.headers.get('X-Openstack-Request-ID'),
+ 'request_id': request_id,
 }
 return glance.context.RequestContext(**kwargs)
diff --git a/glance/tests/unit/test_opts.py b/glance/tests/unit/test_opts.py
index 47a3f21afe..34887d22f2 100644
--- a/glance/tests/unit/test_opts.py
+++ b/glance/tests/unit/test_opts.py
@@ -81,6 +81,7 @@ class OptsTestCase(utils.BaseTestCase):
 'enable_v3_api',
 'enable_v1_registry',
 'enable_v2_registry',
+ 'max_request_id_length',
 'pydev_worker_debug_host',
 'pydev_worker_debug_port',
 'metadata_encryption_key',
@@ -169,6 +170,7 @@ class OptsTestCase(utils.BaseTestCase):
 'enable_v1_registry',
 'enable_v2_registry',
 'pydev_worker_debug_host',
+ 'max_request_id_length',
 'pydev_worker_debug_port',
 'metadata_encryption_key',
 'bind_host',
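Review bot: The new length check sits after the service-catalog JSON has already been parsed (the `_('Invalid service catalog json.')` raise immediately above it), so a request with an oversized X-Openstack-Request-ID still pays for decoding X-Service-Catalog before being rejected; a cheap header-length test like this belongs at the top of process_request, before any other header is processed. process_request starts outside this hunk, so the move is not visible here. The guard is only added to ContextMiddleware; if the unauthenticated middleware in the same file also copies X-Openstack-Request-ID into the context, it needs the same check or the limit silently depends on which pipeline is configured — I cannot confirm that from the hunk. Note also that this bounds only the value handed to the context, so anything earlier in the pipeline that logs the raw header is unaffected, which the commit message's "logged" wording could make clearer.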
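Review bot: `'max_request_id_length'` is inserted before `'pydev_worker_debug_host'` in the first expected-options list but after it in the second, so the two lists no longer have the same relative order. If the test compares these as sets this is style only, but keeping both lists in the same order makes them easier to diff against each other and against the option group in context.py; suggest moving the second entry up one line.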