Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 1772556

Summary: civetweb timeouts may result in GET requests returning corrupted data
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Casey Bodley <cbodley>
Component: RGWAssignee: Matt Benjamin (redhat) <mbenjamin>
Status: CLOSED ERRATA QA Contact: Tejas <tchandra>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.0CC: cbodley, ceph-eng-bugs, kbader, mbenjamin, sweil, tserlin
Target Milestone: rc   
Target Release: 4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-14.2.4-98.el8cp, ceph-14.2.4-37.el7cp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-01-31 12:48:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Casey Bodley 2019-11-14 15:33:38 UTC 
When civetweb is configured with a request_timeout_ms, mg_write() may return a short write. The loop in RGWCivetWeb::write_data() will then try to rewrite the entire buffer, instead of only the unwritten bytes.

Reproduction steps provided by joke-lee in https://github.com/ceph/ceph/pull/30257#issuecomment-551396823:

this is a file 139MiB size named 201910101336581608-201909121510598784-CMCC_CN_P855A23V1.0.0B18_TO_CMCC_CN_P855A23V1.0.0B19.zip in bucket test

set the timeout to 1s

rgw frontends = "civetweb port=7480 request_timeout_ms=1000" 

restart rgw

and download file with follow script

import socket,hashlib
host = '192.168.198.137'
uri = '/test/201910101336581608-201909121510598784-CMCC_CN_P855A23V1.0.0B18_TO_CMCC_CN_P855A23V1.0.0B19.zip?AWSAccessKeyId=yly&Expires=2203897620&Signature=FUDeErIP2JHOEHNRE42eMflfIKQ%3D'
mysock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
mysock.connect((host, 7480))

domain = host +":7480" 
mysock.send('GET %s HTTP/1.0\r\nHost:%s\r\nAccept-Encoding:gzip,deflate\r\nUser-Agent:yuliyangtest13\r\nRange:bytes=0-\r\n\r\n' % (uri, domain))
count = 0
all_data = "" 
index = 0
while True:
    data = mysock.recv(5120)
    if ( len(data) < 1 ) : break
    # time.sleep(0.25)
    count = count + len(data)
    print len(data), "%sMiB" % (count/1024/1024 , )
    all_data = all_data + data

mysock.close()
# Look for the end of the header (2 CRLF)
pos = all_data.find("\r\n\r\n");
print 'Header length',pos
print all_data[:pos]
# Skip past the header and save the picture data
body = all_data[pos+4:]

with open("download3.zip", "wb") as f:
    f.write(body)
Comment 1 RHEL Program Management 2019-11-14 15:33:43 UTC 
Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Comment 2 Yaniv Kaul 2020-01-09 06:35:51 UTC 
Set this to HIGH severity - but may be urgent since it's a corruption?
Comment 9 errata-xmlrpc 2020-01-31 12:48:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0312