2109256 – Crash on malformed bucket URL

Bug 2109256 - Crash on malformed bucket URL

Summary: Crash on malformed bucket URL

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	5.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	5.3
Assignee:	Adam C. Emerson
QA Contact:	Hemanth Sai
Docs Contact:	Akash Raj
URL:
Whiteboard:
Duplicates (1):	2138921 (view as bug list)
Depends On:
Blocks:	2118423 2126049
TreeView+	depends on / blocked

Reported:	2022-07-20 19:01 UTC by Adam C. Emerson
Modified:	2023-03-20 09:54 UTC (History)
CC List:	12 users (show)
Fixed In Version:	ceph-16.2.10-75.el8cp
Doc Type:	Bug Fix
Doc Text:	.Ceph Object Gateway no longer crashes with malformed URLs Previously, a refactoring abstraction replaced a bucket value with a pointer to a bucket value that was not always initialized. This caused malformed URLs corresponding to bucket operations on no buckets resulting in Ceph Object Gateway crashing. With this fix, a check on the pointer has been implemented into the call path and Ceph Object Gateway returns a permission error, rather than crashing, if it is uninitialized.
Clone Of:
Clones:	2118423 (view as bug list)
Environment:
Last Closed:	2023-01-11 17:40:00 UTC
Embargoed:
Dependent Products:
Flags:	aemerson: needinfo-

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Ceph Project Bug Tracker	55765	None	None	None	2022-07-20 19:01:18 UTC
Red Hat Issue Tracker	RHCEPH-4865	None	None	None	2022-07-20 19:19:04 UTC
Red Hat Product Errata	RHSA-2023:0076	None	None	None	2023-01-11 17:41:01 UTC

Description Adam C. Emerson 2022-07-20 19:01:18 UTC

Description of problem:

Crash when attempt is made to operate on malformed bucket URL.

How reproducible:

Deterministically.

Steps to Reproduce:
1. Make a request like s3://https:///example.com/%2f..

Actual results:

Crash.

Expected results:

No crash.

Comment 33 Hemanth Sai 2023-01-05 10:32:12 UTC

*** Bug 2138921 has been marked as a duplicate of this bug. ***

Comment 35 errata-xmlrpc 2023-01-11 17:40:00 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 5.3 security update and Bug Fix), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:0076

Note You need to log in before you can comment on or make changes to this bug.