Tasks #1055: RGW segfaults if the Owner field is not set in an ACL (subtask) - Ceph - Ceph

Actions

Copy link

Tasks #1055

closed

Bug #1053: rgw XML parsing exploits and flaws

RGW segfaults if the Owner field is not set in an ACL (subtask)

Added by Colin McCabe almost 13 years ago. Updated almost 13 years ago.

Status:

Resolved

Priority:

High

Assignee:

Colin McCabe

Category:

Target version:

v0.28

% Done:

Tags:

Reviewed:

Affected Versions:

Pull request ID:

Description

The following code explains the situation quite well, I think:

void RGWAccessControlPolicy::xml_end(const char *el) {           
  acl = *(RGWAccessControlList *)find_first("AccessControlList");
  owner = *(ACLOwner *)find_first("Owner");
}

We have no idea whether find_first will find either of these things, or return NULL!

If AccessControlList isn't found, of course, the XML is malformed. But that still should not cause us to segfault.

Unfortunately, expat is not a validating XML parser, so we can't just validate against a schema.

Actions

Copy link

Updated by Colin McCabe almost 13 years ago

Status changed from New to Resolved

fixed by a544bda7577321c4d6ecf7664a9363180984da56

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph

Custom queries

Tasks #1055

RGW segfaults if the Owner field is not set in an ACL (subtask)

Updated by Colin McCabe almost 13 years ago