Bug #1053
rgw XML parsing exploits and flaws
% Done:
100%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
RGW must never segfault on bad network input. It should handle optional XML fields.
Subtasks
History
#1 Updated by Colin McCabe almost 13 years ago
- Status changed from New to Resolved
I was afraid that there were more mistakes like #1055 in the code, but it looks like the other XML parsing stuff isn't quite as bad.
I did a quick survey of optional fields, and it looks like a544bda7577321c4d6ecf7664a9363180984da56 and a544bda7577321c4d6ecf7664a9363180984da56 should cover it.
#2 Updated by Colin McCabe almost 13 years ago
that should read:
a544bda7577321c4d6ecf7664a9363180984da56 and d6347392634678b93f510f98d3d42407d05a956c