Skip to content
Permalink
Browse files

rgw: asio: check the remote endpoint before processing requests

`socket.remote_endpoint()` can throw exceptions corresponding to errors in the
`getpeername` syscall, make sure these are handled.

Fixes: CVE-2019-10222, https://tracker.ceph.com/issues/40018
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
(cherry picked from commit caa6531)

Conflicts:
	src/rgw/rgw_asio_frontend.cc
conflicts due to missing yield ctx in nautilus
  • Loading branch information
theanalyst committed Aug 7, 2019
1 parent ba55405 commit 29753dd3ca71bba8713fcf7a09c4bb51629a6f63
Showing with 7 additions and 1 deletion.
  1. +7 −1 src/rgw/rgw_asio_frontend.cc
@@ -142,9 +142,15 @@ void handle_connection(RGWProcessEnv& env, Stream& stream,
RGWRequest req{env.store->get_new_req_id()};

auto& socket = stream.lowest_layer();
const auto& remote_endpoint = socket.remote_endpoint(ec);
if (ec) {
ldout(cct, 1) << "failed to connect client: " << ec.message() << dendl;
return;
}

StreamIO real_client{cct, stream, parser, buffer, is_ssl,
socket.local_endpoint(),
socket.remote_endpoint()};
remote_endpoint};

auto real_client_io = rgw::io::add_reordering(
rgw::io::add_buffering(cct,

0 comments on commit 29753dd

Please sign in to comment.
You can’t perform that action at this time.