From 0a4c91ec7652d02673a9b156cd16144d778a3844 Mon Sep 17 00:00:00 2001
From: Matt Benjamin <mbenjamin@redhat.com>
Date: Thu, 18 Aug 2016 10:54:16 -0400
Subject: [PATCH] rgw ldap:  protect rgw::from_base64 from non-base64 input

Also adds unit tests for:
1. empty output from from_base64 (turns out to be harmless)
2. random and specific non-base64 and sort strings

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
---
 src/rgw/rgw_rest_s3.h      |  7 ++++++-
 src/test/test_rgw_token.cc | 28 ++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h
index 81d71240989a0..c75cf4fdf5354 100644
--- a/src/rgw/rgw_rest_s3.h
+++ b/src/rgw/rgw_rest_s3.h
@@ -710,7 +710,12 @@ class RGWLDAPAuthEngine: RGWS3V2AuthEngine
       store(store),
       apl_factory(apl_factory) {
       init(cct);
-      base64_token = rgw::from_base64(access_key_id);
+      /* boost filters and/or string_ref may throw on invalid input */
+      try {
+	base64_token = rgw::from_base64(access_key_id);
+      } catch(...) {
+	base64_token = std::string("");
+      }
   }
   const char* get_name() const noexcept override {
     return "RGWLDAPAuthEngine";
diff --git a/src/test/test_rgw_token.cc b/src/test/test_rgw_token.cc
index d3b0af0df4d42..002fb9c1900b6 100644
--- a/src/test/test_rgw_token.cc
+++ b/src/test/test_rgw_token.cc
@@ -43,6 +43,9 @@ namespace {
 
   std::string enc_ldap{"ewogICAgIlJHV19UT0tFTiI6IHsKICAgICAgICAidmVyc2lvbiI6IDEsCiAgICAgICAgInR5cGUiOiAibGRhcCIsCiAgICAgICAgImlkIjogIlNtb25ueSIsCiAgICAgICAgImtleSI6ICJUdXJqYW4gb2YgTWlpciIKICAgIH0KfQo="};
 
+  std::string non_base64{"stuff here"};
+  std::string non_base64_sploded{"90KLscc0Dz4U49HX-7Tx"};
+
   Formatter* formatter{nullptr};
   bool verbose {false};
 }
@@ -71,6 +74,31 @@ TEST(TOKEN, DECODE) {
   }
 }
 
+TEST(TOKEN, EMPTY) {
+    std::string empty{""};
+    RGWToken token{from_base64(empty)}; // decode ctor
+    ASSERT_FALSE(token.valid());
+}
+
+TEST(TOKEN, BADINPUT) {
+    RGWToken token{from_base64(non_base64)}; // decode ctor
+    ASSERT_FALSE(token.valid());
+}
+
+TEST(TOKEN, BADINPUT2) {
+    RGWToken token{from_base64(non_base64_sploded)}; // decode ctor
+    ASSERT_FALSE(token.valid());
+}
+
+TEST(TOKEN, BADINPUT3) {
+  try {
+    std::string stuff = from_base64(non_base64_sploded); // decode
+  } catch(...) {
+    // do nothing
+  }
+  ASSERT_EQ(1, 1);
+}
+
 TEST(TOKEN, SHUTDOWN) {
   delete formatter;
 }