x-error-msg HTTP header sometimes contains newlines which make it invalid
Bug #2039075 reported by Olivier Gayot
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
subiquity | Fix Released | Undecided | Olivier Gayot |
Bug Description
When the Subiquity server raises an exception in an HTTP request handler context, more often than not, the exception is sent back to the client in the body.
Additionally, the message of the exception (if any) is also copied as is in an x-error-msg HTTP header.
That said, HTTP headers must obey strict rules. While "\n" indicates the end of the current HTTP header, the aiohttp library rejects any header that has a "\r" or "\n" in its value:
ValueError: Newline or carriage return character detected in HTTP status message or header. This is a potential security issue.
As an example, any curtin.
Changed in subiquity:
status: Fix Committed → Fix Released
https://github.com/canonical/subiquity/pull/1782
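
The failure described in the report, and one way to make an exception message safe to carry in a header, as an added example (not Subiquity's code and not the content of the linked pull request). The JSON encoding, the helper names and the sample message are assumptions chosen for illustration; `check_header_value` is a local stand-in for the library-side rejection quoted above.

```python
import json

# Constructed sample: a multi-line exception message.
SAMPLE_MESSAGE = "Command failed with exit code 1\nstderr: disk not found\r\n"


def check_header_value(value: str) -> None:
    """Stand-in for the CR/LF rejection quoted in the report (not aiohttp's code)."""
    if "\r" in value or "\n" in value:
        raise ValueError("Newline or carriage return character detected in header value")


def unsafe_error_headers(exc: Exception) -> dict:
    """Pattern from the report: the exception message is copied as is."""
    value = str(exc)
    check_header_value(value)  # raises for any multi-line message
    return {"x-error-msg": value}


def safe_error_headers(exc: Exception) -> dict:
    """Encode the message as a JSON string before using it as a header value.

    json.dumps (ensure_ascii=True by default) escapes CR, LF, other control
    characters, quotes, backslashes and non-ASCII characters, so the result
    is a single line of printable ASCII that still carries the full message.
    """
    value = json.dumps(str(exc))
    check_header_value(value)
    return {"x-error-msg": value}


def read_error_msg(headers: dict) -> str:
    """Client side: recover the original message, newlines included."""
    return json.loads(headers["x-error-msg"])


if __name__ == "__main__":
    exc = RuntimeError(SAMPLE_MESSAGE)
    try:
        unsafe_error_headers(exc)
    except ValueError as err:
        print("raw message rejected:", err)
    headers = safe_error_headers(exc)
    print("encoded header:", headers["x-error-msg"])
    print("round trip ok:", read_error_msg(headers) == SAMPLE_MESSAGE)
```

Encoding rather than stripping keeps the message lossless for the client, at the cost of requiring the client to decode the header value.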