Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hammer: rgw: do not abort when accept a CORS request with short origin #12398

Merged
merged 1 commit into from Jan 3, 2017
Merged

hammer: rgw: do not abort when accept a CORS request with short origin #12398

merged 1 commit into from Jan 3, 2017

Conversation

mattbenjamin
Copy link
Contributor

@mattbenjamin mattbenjamin commented Dec 8, 2016
edited by smithfarm

@ly798 @mattbenjamin
rgw: do not abort when accept a CORS request with short origin
0f83bb7 
Fixed: ceph#18187

when accept a CROS request, the request http origin shorter than the bucket's corsrule
(eg. origin: http://s.com corsrule: <AllowedOrigin>*.verylongdomain.com</AllowedOrigin>).
the rgw_cors.cc::is_string_in_set() will have a wrong index, the radosrgw server will
abort.

$ curl http://test.localhost:8000/app.data -H "Origin:http://s.com"

 0> 2016-12-05 03:22:29.548138 7f6add05d700 -1 *** Caught signal (Aborted) **
 in thread 7f6add05d700 thread_name:civetweb-worker

 ceph version 11.0.2-2168-gd2f8fb4 (d2f8fb4)
 1: (()+0x50720a) [0x7f6b147c420a]
 2: (()+0xf370) [0x7f6b09a33370]
 3: (gsignal()+0x37) [0x7f6b081ca1d7]
 4: (abort()+0x148) [0x7f6b081cb8c8]
 5: (__gnu_cxx::__verbose_terminate_handler()+0x165) [0x7f6b08ace9d5]
 6: (()+0x5e946) [0x7f6b08acc946]
 7: (()+0x5e973) [0x7f6b08acc973]
 8: (()+0x5eb93) [0x7f6b08accb93]
 9: (std::__throw_out_of_range(char const*)+0x77) 0x7f6b08b21a17]
 10: (()+0xbd97a) [0x7f6b08b2b97a]
 11: (()+0x449c1e) [0x7f6b14706c1e]
 12: (RGWCORSRule::is_origin_present(char const*)+0x48) [0x7f6b147073b8]
 13: (RGWCORSConfiguration::host_name_rule(char const*)+0x37) [0x7f6b147074e7]
 14: (RGWOp::generate_cors_headers(std::string&, std::string&, std::string&, std::string&, unsigned int*)+0xa3) [0x7f6b14593e63]
 15: (dump_access_control(req_state*, RGWOp*)+0x61) [0x7f6b14653f91]

Signed-off-by: LiuYang <yippeetry@gmail.com>
(cherry picked from commit 67d4d9e)
@mattbenjamin mattbenjamin added this to the hammer milestone Dec 8, 2016
@smithfarm
Copy link
Contributor

original description

Fixed: #18187

when accept a CROS request, the request http origin shorter than the bucket's corsrule
(eg. origin: http://s.com corsrule: *.verylongdomain.com).
the rgw_cors.cc::is_string_in_set() will have a wrong index, the radosrgw server will
abort.

$ curl http://test.localhost:8000/app.data -H "Origin:http://s.com"

0> 2016-12-05 03:22:29.548138 7f6add05d700 -1 *** Caught signal (Aborted) **
in thread 7f6add05d700 thread_name:civetweb-worker

ceph version 11.0.2-2168-gd2f8fb4 (d2f8fb4)
1: (()+0x50720a) [0x7f6b147c420a]
2: (()+0xf370) [0x7f6b09a33370]
3: (gsignal()+0x37) [0x7f6b081ca1d7]
4: (abort()+0x148) [0x7f6b081cb8c8]
5: (__gnu_cxx::__verbose_terminate_handler()+0x165) [0x7f6b08ace9d5]
6: (()+0x5e946) [0x7f6b08acc946]
7: (()+0x5e973) [0x7f6b08acc973]
8: (()+0x5eb93) [0x7f6b08accb93]
9: (std::__throw_out_of_range(char const*)+0x77) 0x7f6b08b21a17]
10: (()+0xbd97a) [0x7f6b08b2b97a]
11: (()+0x449c1e) [0x7f6b14706c1e]
12: (RGWCORSRule::is_origin_present(char const*)+0x48) [0x7f6b147073b8]
13: (RGWCORSConfiguration::host_name_rule(char const*)+0x37) [0x7f6b147074e7]
14: (RGWOp::generate_cors_headers(std::string&, std::string&, std::string&, std::string&, unsigned int*)+0xa3) [0x7f6b14593e63]
15: (dump_access_control(req_state*, RGWOp*)+0x61) [0x7f6b14653f91]

Signed-off-by: LiuYang yippeetry@gmail.com
(cherry picked from commit 67d4d9e)

smithfarm added a commit to SUSE/ceph that referenced this pull request Dec 13, 2016
@smithfarm
Merge pull request ceph#12398: hammer: rgw: do not abort when accept …
e2479f4 
…a CORS request with short origin

Reviewed-by: Nathan Cutler <ncutler@suse.com>
smithfarm added a commit that referenced this pull request Dec 14, 2016
@smithfarm
Merge pull request #12398: hammer: rgw: do not abort when accept a CO…
acd74cf 
…RS request with short origin

Reviewed-by: Nathan Cutler <ncutler@suse.com>
smithfarm added a commit that referenced this pull request Dec 14, 2016
@smithfarm
Merge pull request #12398: hammer: rgw: do not abort when accept a CO…
a048025 
…RS request with short origin

Reviewed-by: Nathan Cutler <ncutler@suse.com>
smithfarm added a commit that referenced this pull request Jan 2, 2017
@smithfarm
Merge pull request #12398: hammer: rgw: do not abort when accept a CO…
383cf30 
…RS request with short origin

Reviewed-by: Nathan Cutler <ncutler@suse.com>
@smithfarm
Copy link
Contributor

@mattbenjamin @oritwas @yehudasa This PR passed an rgw suite as detailed by http://tracker.ceph.com/issues/17151#note-30

Do you think it's OK to merge?

@smithfarm
Copy link
Contributor

This passed another RGW suite at http://tracker.ceph.com/issues/17151#note-35

@oritwas
Copy link
Member

oritwas commented Jan 3, 2017

lgtm

@smithfarm smithfarm merged commit 78e3451 into ceph:hammer Jan 3, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug-fix rgw
Projects
None yet
Milestone
hammer
4 participants
@mattbenjamin @smithfarm @oritwas @ly798