Project

General

Profile

Bug #1053

rgw XML parsing exploits and flaws

Added by Colin McCabe almost 13 years ago. Updated almost 13 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
-
Target version:
% Done:

100%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

RGW must never segfault on bad network input. It should handle optional XML fields.


Subtasks

Tasks #1055: RGW segfaults if the Owner field is not set in an ACL (subtask)ResolvedColin McCabe

History

#1 Updated by Colin McCabe almost 13 years ago

  • Status changed from New to Resolved

I was afraid that there were more mistakes like #1055 in the code, but it looks like the other XML parsing stuff isn't quite as bad.

I did a quick survey of optional fields, and it looks like a544bda7577321c4d6ecf7664a9363180984da56 and a544bda7577321c4d6ecf7664a9363180984da56 should cover it.

Also available in: Atom PDF