etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CS-15217: Security: Malicious user is able to get the size of the cloud by enumerating IDs 

Description:

	New 3.0.x merge included a new instance of InvalidParameterValue exception
	being raised. Fixing it.
This commit is contained in:
Vijayendra Bhamidipati 2012-07-27 15:15:32 -07:00
parent b8211728e1
commit b6e70f2281
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/src/com/cloud/network/NetworkManagerImpl.java
View File

@ -2528,8 +2528,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
_nicDao.expunge(nic.getId());
}
}
@Override
public void checkVirtualNetworkCidrOverlap(Long zoneId, String cidr) {
if (zoneId == null) {
@ -4668,13 +4668,13 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
idList.add(new IdentityProxy(networkOffering, networkOfferingId, "networkOfferingId"));
throw new InvalidParameterValueException("Network offering with specified id is not in " + NetworkOffering.State.Enabled + " state, can't upgrade to it", idList);
}
//can't update from vpc to non-vpc network offering
boolean forVpcNew = _configMgr.isOfferingForVpc(networkOffering);
boolean vorVpcOriginal = _configMgr.isOfferingForVpc(_configMgr.getNetworkOffering(oldNetworkOfferingId));
if (forVpcNew != vorVpcOriginal) {
String errMsg = forVpcNew ? "a vpc offering " : "not a vpc offering";
throw new InvalidParameterValueException("Can't update as the new offering is " + errMsg);
throw new InvalidParameterValueException("Can't update as the new offering is " + errMsg, null);
}
//perform below validation if the network is vpc network