This repository was archived by the owner on Jul 16, 2020. It is now read-only.
This repository was archived by the owner on Jul 16, 2020. It is now read-only.
Controller does not validate updated subnet size #1619
Open
Description
This is based on an inspection of the code so I could be mistaken. However, as far as I can tell controller does not validate the tenant subnet size when processing a tenant update command. Ciao-cli does perform some validation so it's hard to actually exploit this. Nonetheless, it should be possible to construct a json package with invalid data which would potentially destabilize controller. Note the subnet size is verified by controller when creating a new tenant.