Bug 1387332 - [rhcs-2.y] rgw: crash when client post object with null conditions
Summary: [rhcs-2.y] rgw: crash when client post object with null conditions
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: RGW
Version: 1.3.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 2.1
Assignee: Matt Benjamin (redhat)
QA Contact: shilpa
Depends On: CVE-2016-8626
TreeView+ depends on / blocked
Reported: 2016-10-20 16:17 UTC by Yehuda Sadeh
Modified: 2022-02-21 18:17 UTC (History)
10 users (show)

Fixed In Version: RHEL: ceph-10.2.3-12.el7cp Ubuntu: ceph_10.2.3-13redhat1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2016-11-22 19:24:07 UTC

Attachments (Terms of Use)
reproduction script (632 bytes, text/plain)
2016-10-20 16:17 UTC, Yehuda Sadeh
no flags Details
updated test script (688 bytes, text/plain)
2016-10-20 16:58 UTC, Yehuda Sadeh
no flags Details

System ID Private Priority Status Summary Last Updated
Ceph Project Bug Tracker 17635 0 None None None 2016-10-20 16:17:23 UTC
Red Hat Product Errata RHSA-2016:2815 0 normal SHIPPED_LIVE Moderate: Red Hat Ceph Storage security, bug fix, and enhancement update 2017-03-22 02:06:33 UTC
Red Hat Product Errata RHSA-2016:2816 0 normal SHIPPED_LIVE Moderate: Red Hat Ceph Storage security, bug fix, and enhancement update 2016-11-23 00:22:26 UTC

Description Yehuda Sadeh 2016-10-20 16:17:23 UTC
Created attachment 1212566 [details]
reproduction script

Description of problem:

rgw crashes on POST object with null conditions.

Version-Release number of selected component (if applicable):

How reproducible:


Steps to Reproduce:
1. Run the attached script

Actual results:

rgw crashes

Expected results:

rgw returns errors

Additional info:

Comment 2 Yehuda Sadeh 2016-10-20 16:58:36 UTC
Created attachment 1212574 [details]
updated test script

need to modify access and secret keys, make sure specified bucket exists

Comment 7 shilpa 2016-11-03 07:10:55 UTC
Tested on 10.2.3-12. The script fails with error without crashing. 

{'url': u'http://rgw1:80/bucket1', 'fields': {'policy': u'eyJjb25kaXRpb25zIjogW3t9LCB7ImJ1Y2tldCI6ICJidWNrNSJ9LCB7ImtleSI6ICJ0ZXN0c2lnbiJ9XSwgImV4cGlyYXRpb24iOiAiMjAxNi0xMS0wM1QwODowNzowNFoifQ==', 'AWSAccessKeyId': u'CLN3TEBE8V13342ZC9JW', 'key': 'testsign', 'signature': u'UjDkV0UjeO/Ur8rp2hythRG1XRA='}}
<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidArgument</Code><Message>Failed to parse policy</Message><BucketName>bucket1</BucketName><RequestId>tx0000000000000000a5d6d-00581ae218-d383-us-east</RequestId><HostId>d383-us-east-us</HostId></Error>

Comment 9 errata-xmlrpc 2016-11-22 19:24:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.