Tasks #1055
Bug #1053 (closed): rgw XML parsing exploits and flaws
RGW segfaults if the Owner field is not set in an ACL (subtask)
% Done: 0%
Description
The following code explains the situation quite well, I think:
    void RGWAccessControlPolicy::xml_end(const char *el)
    {
      acl = *(RGWAccessControlList *)find_first("AccessControlList");
      owner = *(ACLOwner *)find_first("Owner");
    }
We have no idea whether find_first will find either of these things, or return NULL!
If AccessControlList isn't found, of course, the XML is malformed. But that still should not cause us to segfault.
Unfortunately, expat is not a validating XML parser, so we can't just validate against a schema.
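A checked form of the lookup pattern described above, as an added example that is not part of the original issue and is not the code from the fixing commit. The types are hypothetical stand-ins for the rgw classes, and `policy_accepted` with its sample values is constructed for illustration.

```cpp
#include <map>
#include <string>

// Hypothetical stand-ins for the rgw classes named in the issue (not Ceph's code).
struct XMLObj {
  std::map<std::string, XMLObj *> children;  // non-owning, filled by the parser
  virtual ~XMLObj() = default;
  // Same contract as the find_first in the issue: NULL when the element is absent.
  XMLObj *find_first(const std::string &name) const {
    auto it = children.find(name);
    return it == children.end() ? nullptr : it->second;
  }
};
struct ACLOwner : XMLObj { std::string id; };
struct AccessControlList : XMLObj { int grants = 0; };

struct AccessControlPolicy : XMLObj {
  AccessControlList acl;
  ACLOwner owner;
  // Checked variant of xml_end: reports malformed input instead of
  // dereferencing a NULL lookup result. dynamic_cast also rejects a child
  // that exists under the expected name but has the wrong type.
  bool xml_end() {
    auto *a = dynamic_cast<AccessControlList *>(find_first("AccessControlList"));
    auto *o = dynamic_cast<ACLOwner *>(find_first("Owner"));
    if (!a || !o)
      return false;  // caller can reject the document rather than crash
    acl = *a;
    owner = *o;
    return true;
  }
};

// Constructed input: builds a policy tree with or without each child element.
bool policy_accepted(bool with_acl, bool with_owner) {
  AccessControlList list;
  list.grants = 1;
  ACLOwner who;
  who.id = "example-owner";  // constructed sample value
  AccessControlPolicy policy;
  if (with_acl) policy.children["AccessControlList"] = &list;
  if (with_owner) policy.children["Owner"] = &who;
  return policy.xml_end();
}

int main() {
  return (policy_accepted(true, true) && !policy_accepted(true, false)) ? 0 : 1;
}
```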
Updated by Colin McCabe almost 13 years ago
- Status changed from New to Resolved
fixed by a544bda7577321c4d6ecf7664a9363180984da56