Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 2252337

Summary: rgw: object lock retainUntilDate can overflow (32bit seconds)
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Matt Benjamin (redhat) <mbenjamin>
Component: RGWAssignee: Casey Bodley <cbodley>
Status: CLOSED ERRATA QA Contact: Tejas <tchandra>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.1CC: cbodley, ceph-eng-bugs, cephqe-warriors, dwalveka, mkasturi, tserlin
Target Milestone: ---   
Target Release: 6.1z3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-17.2.6-164.el9cp Doc Type: Bug Fix
Doc Text:
sharing release note from upstream pr: Fixed a S3 Object Lock bug with PutObjectRetention requests that specify a RetainUntilDate after the year 2106. This date was truncated to 32 bits when stored, so a much earlier date was used for object lock enforcement. This does not effect PutBucketObjectLockConfiguration where a duration is given in Days. The RetainUntilDate encoding is fixed for new PutObjectRetention requests, but cannot repair the dates of existing object locks. Such objects can be identified with a HeadObject request based on the x-amz-object-lock-retain-until-date response header.
 Story Points: ---
Clone Of: 2252336 Environment:
Last Closed: 2023-12-12 13:56:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2252336    
Bug Blocks:    

Description Matt Benjamin (redhat) 2023-11-30 22:13:48 UTC 
+++ This bug was initially created as a clone of Bug #2252336 +++

a RetainUntilDate with year >= 2107 will parse correctly, but the binary encoding will truncate it to 32-bit seconds. s3 object lock is then enforced using the wrong date

use new round_trip_encode/decode() functions for the RetainUntilDate encoding to preserve these large values

because the bug was in encode(), this fix does not repair existing objects with the incorrect date

Fixes: https://tracker.ceph.com/issues/63537

--- Additional comment from RHEL Program Management on 2023-11-30 22:12:32 UTC ---

Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Comment 9 errata-xmlrpc 2023-12-12 13:56:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:7740