2252336 – rgw: object lock retainUntilDate can overflow (32bit seconds)

Bug 2252336 - rgw: object lock retainUntilDate can overflow (32bit seconds)

Summary: rgw: object lock retainUntilDate can overflow (32bit seconds)

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	6.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	7.0z1
Assignee:	Casey Bodley
QA Contact:	Madhavi Kasturi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2252337 2260311
TreeView+	depends on / blocked

Reported:	2023-11-30 22:12 UTC by Matt Benjamin (redhat)
Modified:	2024-03-07 11:40 UTC (History)
CC List:	7 users (show)
Fixed In Version:	ceph-18.2.0-150.el9cp
Doc Type:	Bug Fix
Doc Text:	Previously, `PutObjectRetention` requests specifying a `RetainUntilDate` after the year 2106 would truncate, resulting in an earlier date used for object lock enforcement. This did not affect ` PutBucketObjectLockConfiguration` requests, where the duration is specified in days. With this fix, the `RetainUntilDate` now saves and works as expected for new `PutObjectRetention` requests. Requests previously existing are not automatically repaired. To fix existing requests, identify the requests by using the `HeadObject` request based on the `x-amz-object-lock-retain-until-date` and save again with the `RetainUntilDate`. For more information, see Ceph Object Gateway and the S3 API > S3 object operations > S3 put object retention, in the Red Hat Ceph Storage Developer Guide.
Clone Of:
Clones:	2252337 (view as bug list)
Environment:
Last Closed:	2024-03-07 11:40:28 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	ceph ceph pull 54516	None	Merged	rgw: object lock avoids 32-bit truncation of RetainUntilDate	2023-11-30 22:12:20 UTC
Red Hat Issue Tracker	RHCEPH-7983	None	None	None	2023-11-30 22:13:25 UTC
Red Hat Product Errata	RHBA-2024:1214	None	None	None	2024-03-07 11:40:37 UTC

Description Matt Benjamin (redhat) 2023-11-30 22:12:21 UTC

a RetainUntilDate with year >= 2107 will parse correctly, but the binary encoding will truncate it to 32-bit seconds. s3 object lock is then enforced using the wrong date

use new round_trip_encode/decode() functions for the RetainUntilDate encoding to preserve these large values

because the bug was in encode(), this fix does not repair existing objects with the incorrect date

Fixes: https://tracker.ceph.com/issues/63537

Comment 1 RHEL Program Management 2023-11-30 22:12:32 UTC

Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.

Comment 7 errata-xmlrpc 2024-03-07 11:40:28 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 7.0 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:1214

Note You need to log in before you can comment on or make changes to this bug.