Diffstat (limited to 'debian/patches/CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch')
-rw-r--r--debian/patches/CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/debian/patches/CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch b/debian/patches/CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch
new file mode 100644
index 000000000..f06997a85
--- /dev/null
+++ b/debian/patches/CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch
@@ -0,0 +1,29 @@
+Description: CVE-2022-3854: rgw: Guard against malformed bucket URLs
+ Misplaced colons can result in radosgw thinking is has a bucket URL
+ but with no bucket name, leading to a crash later on.
+Author: "Adam C. Emerson" <aemerson@redhat.com>
+Date: Fri, 8 Jul 2022 14:58:16 -0400
+Fixes: https://tracker.ceph.com/issues/55765
+Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
+Fixes: https://tracker.ceph.com/issues/56586
+Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
+Origin: upstream, https://github.com/ceph/ceph/pull/47194/commits/9746e8011ff1de6de7dba9c0041e28a16c8f6828.patch
+Bug-Debian: https://bugs.debian.org/1027151
+Last-Update: 2022-01-09
+
+Index: ceph/src/rgw/rgw_common.cc
+===================================================================
+--- ceph.orig/src/rgw/rgw_common.cc
++++ ceph/src/rgw/rgw_common.cc
+@@ -1265,6 +1265,11 @@ bool verify_bucket_permission_no_policy(
+
+ bool verify_bucket_permission_no_policy(const DoutPrefixProvider* dpp, struct req_state * const s, const int perm)
+ {
++ if (rgw::sal::RGWBucket::empty(s->bucket)) {
++ // request is missing a bucket name
++ return false;
++ }
++
+ perm_state_from_req_state ps(s);
+
+ if (!verify_requester_payer_permission(&ps))
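Review bot: The DEP-3 header gives `Last-Update: 2022-01-09`, which is earlier than the upstream commit's own `Date: Fri, 8 Jul 2022`, so the year looks mistyped; it should carry the date this patch was imported, presumably `Last-Update: 2023-01-09`. On the code side, the new guard in `verify_bucket_permission_no_policy` denies the request without emitting any message explaining why, so a malformed bucket URL of the kind that used to crash radosgw is now rejected silently. A line such as `ldpp_dout(dpp, 1) << "request is missing a bucket name" << dendl;` before `return false;` would let operators see these requests, though that is better proposed upstream than carried only in this backport. The function body continues past the end of the embedded hunk, so whether other permission paths need the same empty-bucket check cannot be confirmed from here.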