Skip to content

Commit

Permalink
Merge pull request #10777 from linuxbox2/rgw-token-base64
Browse files Browse the repository at this point in the history
rgw ldap:  protect rgw::from_base64 from non-base64 input

Reviewed-by: Casey Bodley <cbodley@redhat.com>
  • Loading branch information
cbodley committed Aug 18, 2016
2 parents 4c33fa5 + 0a4c91e commit 94d8137
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/rgw/rgw_rest_s3.h
Expand Up @@ -710,7 +710,12 @@ class RGWLDAPAuthEngine: RGWS3V2AuthEngine
store(store),
apl_factory(apl_factory) {
init(cct);
base64_token = rgw::from_base64(access_key_id);
/* boost filters and/or string_ref may throw on invalid input */
try {
base64_token = rgw::from_base64(access_key_id);
} catch(...) {
base64_token = std::string("");
}
}
const char* get_name() const noexcept override {
return "RGWLDAPAuthEngine";
Expand Down
28 changes: 28 additions & 0 deletions src/test/test_rgw_token.cc
Expand Up @@ -43,6 +43,9 @@ namespace {

std::string enc_ldap{"ewogICAgIlJHV19UT0tFTiI6IHsKICAgICAgICAidmVyc2lvbiI6IDEsCiAgICAgICAgInR5cGUiOiAibGRhcCIsCiAgICAgICAgImlkIjogIlNtb25ueSIsCiAgICAgICAgImtleSI6ICJUdXJqYW4gb2YgTWlpciIKICAgIH0KfQo="};

std::string non_base64{"stuff here"};
std::string non_base64_sploded{"90KLscc0Dz4U49HX-7Tx"};

Formatter* formatter{nullptr};
bool verbose {false};
}
Expand Down Expand Up @@ -71,6 +74,31 @@ TEST(TOKEN, DECODE) {
}
}

TEST(TOKEN, EMPTY) {
std::string empty{""};
RGWToken token{from_base64(empty)}; // decode ctor
ASSERT_FALSE(token.valid());
}

TEST(TOKEN, BADINPUT) {
RGWToken token{from_base64(non_base64)}; // decode ctor
ASSERT_FALSE(token.valid());
}

TEST(TOKEN, BADINPUT2) {
RGWToken token{from_base64(non_base64_sploded)}; // decode ctor
ASSERT_FALSE(token.valid());
}

TEST(TOKEN, BADINPUT3) {
try {
std::string stuff = from_base64(non_base64_sploded); // decode
} catch(...) {
// do nothing
}
ASSERT_EQ(1, 1);
}

TEST(TOKEN, SHUTDOWN) {
delete formatter;
}
Expand Down

0 comments on commit 94d8137

Please sign in to comment.