path: root/debian/patches/CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch
Description: CVE-2022-3854: rgw: Guard against malformed bucket URLs
 Misplaced colons can result in radosgw thinking it has a bucket URL
 but with no bucket name, leading to a crash later on.
Author: "Adam C. Emerson" <aemerson@redhat.com>
Date: Fri, 8 Jul 2022 14:58:16 -0400
Fixes: https://tracker.ceph.com/issues/55765
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
Fixes: https://tracker.ceph.com/issues/56586
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
Origin: upstream, https://github.com/ceph/ceph/pull/47194/commits/9746e8011ff1de6de7dba9c0041e28a16c8f6828.patch
Bug-Debian: https://bugs.debian.org/1027151
Last-Update: 2022-01-09

Index: ceph/src/rgw/rgw_common.cc
===================================================================
--- ceph.orig/src/rgw/rgw_common.cc
+++ ceph/src/rgw/rgw_common.cc
@@ -1265,6 +1265,11 @@ bool verify_bucket_permission_no_policy(
 
 bool verify_bucket_permission_no_policy(const DoutPrefixProvider* dpp, struct req_state * const s, const int perm)
 {
+  if (rgw::sal::RGWBucket::empty(s->bucket)) {
+    // request is missing a bucket name
+    return false;
+  }
+
   perm_state_from_req_state ps(s);
 
   if (!verify_requester_payer_permission(&ps))
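Review bot: The new guard in verify_bucket_permission_no_policy denies the request silently, so the malformed bucket URLs behind CVE-2022-3854 leave no trace for operators once the crash is gone. Since `dpp` is already a parameter, a line such as `ldpp_dout(dpp, 10) << __func__ << ": request has no bucket name, denying" << dendl;` before `return false;` would make these requests visible in the rgw log. The check also sits at the permission layer rather than where the URL is parsed, so other paths that use `s->bucket` may need the same test; that cannot be confirmed from this hunk. The function body continues past the end of the hunk.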