2252337 – rgw: object lock retainUntilDate can overflow (32bit seconds)

Bug 2252337 - rgw: object lock retainUntilDate can overflow (32bit seconds)

Summary: rgw: object lock retainUntilDate can overflow (32bit seconds)

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	6.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	6.1z3
Assignee:	Casey Bodley
QA Contact:	Tejas
Docs Contact:
URL:
Whiteboard:
Depends On:	2252336
Blocks:
TreeView+	depends on / blocked

Reported:	2023-11-30 22:13 UTC by Matt Benjamin (redhat)
Modified:	2024-02-25 11:41 UTC (History)
CC List:	6 users (show)
Fixed In Version:	ceph-17.2.6-164.el9cp
Doc Type:	Bug Fix
Doc Text:	sharing release note from upstream pr: Fixed a S3 Object Lock bug with PutObjectRetention requests that specify a RetainUntilDate after the year 2106. This date was truncated to 32 bits when stored, so a much earlier date was used for object lock enforcement. This does not effect PutBucketObjectLockConfiguration where a duration is given in Days. The RetainUntilDate encoding is fixed for new PutObjectRetention requests, but cannot repair the dates of existing object locks. Such objects can be identified with a HeadObject request based on the x-amz-object-lock-retain-until-date response header.
Clone Of:	2252336
Environment:
Last Closed:	2023-12-12 13:56:13 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-7984	0	None	None	None	2023-11-30 22:14:02 UTC
Red Hat Product Errata	RHSA-2023:7740	0	None	None	None	2023-12-12 13:56:16 UTC

Description Matt Benjamin (redhat) 2023-11-30 22:13:48 UTC

+++ This bug was initially created as a clone of Bug #2252336 +++

a RetainUntilDate with year >= 2107 will parse correctly, but the binary encoding will truncate it to 32-bit seconds. s3 object lock is then enforced using the wrong date

use new round_trip_encode/decode() functions for the RetainUntilDate encoding to preserve these large values

because the bug was in encode(), this fix does not repair existing objects with the incorrect date

Fixes: https://tracker.ceph.com/issues/63537

--- Additional comment from RHEL Program Management on 2023-11-30 22:12:32 UTC ---

Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.

Comment 9 errata-xmlrpc 2023-12-12 13:56:13 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:7740

Note You need to log in before you can comment on or make changes to this bug.