Project

General

Profile

Bug #19739

Content-MD5 header is not validated with POST uploads

Added by Marcin Gibula over 1 year ago. Updated 26 days ago.

Status:
Resolved
Priority:
High
Target version:
-
Start date:
04/21/2017
Due date:
% Done:

0%

Source:
Tags:
Backport:
jewel kraken
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

Radosgw does not check Content-MD5 header against uploaded file, if upload is done with POST method. It does work with PUT.

Attached script to reproduce. Tested against jewel 10.2.7

content-md5-bug.php View (2.18 KB) Marcin Gibula, 04/21/2017 12:22 PM


Related issues

Copied to rgw - Backport #20724: jewel: Content-MD5 header is not validated with POST uploads Rejected
Copied to rgw - Backport #20725: kraken: Content-MD5 header is not validated with POST uploads Rejected

History

#1 Updated by Yehuda Sadeh over 1 year ago

  • Priority changed from Normal to High

#3 Updated by Yehuda Sadeh over 1 year ago

we'll also need to create a new test in s3-tests for this one.

#4 Updated by Orit Wasserman over 1 year ago

  • Assignee set to Orit Wasserman

#5 Updated by Orit Wasserman over 1 year ago

  • Status changed from New to Need Review

#7 Updated by Yehuda Sadeh over 1 year ago

  • Status changed from Need Review to Testing

#8 Updated by Yuri Weinstein over 1 year ago

Orit Wasserman wrote:

s3test tracker: http://tracker.ceph.com/issues/20213

merged

#9 Updated by Casey Bodley over 1 year ago

  • Status changed from Testing to Pending Backport
  • Backport set to jewel kraken

#10 Updated by Nathan Cutler over 1 year ago

  • Copied to Backport #20724: jewel: Content-MD5 header is not validated with POST uploads added

#11 Updated by Nathan Cutler over 1 year ago

  • Copied to Backport #20725: kraken: Content-MD5 header is not validated with POST uploads added

#12 Updated by Nathan Cutler 26 days ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF