Details
-
Bug
-
Resolution: Fixed
-
Critical
-
6.5.0
-
Untriaged
-
Unknown
Description
I am working on adding support to alternate addresses to the tools and noticed that it seems that the hostname in the external address has no server side validation and will take invalid hostnames.
E.g.
> curl -X PUT -u Administrator:asdasd -d hostname='ftp://some rubish here' http://127.0.0.1:9000/node/controller/setupAlternateAddresses/external
|
|
|
> curl -X GET -u Administrator:asdasd http://localhost:9000/pools/default/nodeServices | json_pp
|
|
|
...
|
"alternateAddresses" : {
|
"external" : {
|
"hostname" : "ftp://some rubish here",
|
"ports" : {
|
"mgmt" : 9000,
|
"kvSSL" : 11996,
|
"projector" : 10000,
|
"capi" : 9500,
|
"capiSSL" : 19500,
|
"mgmtSSL" : 19000,
|
"kv" : 12000
|
}
|
}
|
It will also take and arbitrary length, I have tested up to 10K characters in length. I was hoping also to know what format is hostname expected to take. If we consider a normal address to be of the form scheme://host:port I would expect hostname to be only the host with out port or scheme, is this the expected behaviour?
Attachments
Issue Links
- blocks
-
MB-32761 Tools support to use alternate address
-
- Closed
-
| For Gerrit Dashboard: MB-33271 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 107987,5 | MB-33271: Add validation for hostname in alternate addresses. | master | ns_server | Status: MERGED | +2 | +1 |