rgw: Guard against malformed bucket URLs #47025
@adamemerson can you clarify where exactly the crash happens? is it really inside of |
No, in its parameter list. With the invalid bucket URL, where there was a colon followed by something terminating the bucket parse, |
I'm guessing the crash got introduced in 99f7c4a when req_state::bucket went from being an rgw_bucket object to a unique_ptr.
thanks @adamemerson, that makes sense! i like your fix, but i'd also like to see an explicit null check. the top-level overload of verify_bucket_permission() looks like a good place:
bool verify_bucket_permission(const DoutPrefixProvider* dpp, struct req_state * const s, const uint64_t op)
{
+ if (rgw::sal::Bucket::empty(s->bucket)) {
+ return false; // request is missing a bucket name
+ }
perm_state_from_req_state ps(s);
return verify_bucket_permission(dpp,
&ps,
s->bucket->get_key(),
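Review bot: The added `return false` at the top of this overload turns a missing bucket name into an ordinary permission denial with no log line, so a malformed bucket URL and a genuine access failure are indistinguishable to the caller and in the logs. Consider emitting a message through `dpp` before returning, and check whether any caller legitimately reaches this overload without a bucket, since the guard changes the result for all of them and the only thing it protects here is the dereference at `s->bucket->get_key()`.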
cc @dang
`unique_ptr` overload should take by reference. Both should be const. Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
Misplaced colons can result in radosgw thinking it has a bucket URL but with no bucket name, leading to a crash later on. Fixes: https://tracker.ceph.com/issues/55765 Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
@cbodley Took out the top level check since s3tests wouldn't even initialize with it there.
cc @ivancich, there was a force-push after you labeled this for testing
Misplaced colons can result in radosgw thinking it has a bucket URL
but with no bucket name, leading to a crash later on.
Fixes: https://tracker.ceph.com/issues/55765