Bug #19739
Content-MD5 header is not validated with POST uploads
% Done:
0%
Source:
Tags:
Backport:
jewel kraken
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Radosgw does not check Content-MD5 header against uploaded file, if upload is done with POST method. It does work with PUT.
Attached script to reproduce. Tested against jewel 10.2.7
Related issues
History
#1 Updated by Yehuda Sadeh almost 7 years ago
- Priority changed from Normal to High
#2 Updated by Yehuda Sadeh almost 7 years ago
#3 Updated by Yehuda Sadeh almost 7 years ago
we'll also need to create a new test in s3-tests for this one.
#4 Updated by Orit Wasserman almost 7 years ago
- Assignee set to Orit Wasserman
#5 Updated by Orit Wasserman almost 7 years ago
- Status changed from New to Fix Under Review
#6 Updated by Orit Wasserman almost 7 years ago
s3test tracker: http://tracker.ceph.com/issues/20213
#7 Updated by Yehuda Sadeh over 6 years ago
- Status changed from Fix Under Review to 7
#8 Updated by Yuri Weinstein over 6 years ago
#9 Updated by Casey Bodley over 6 years ago
- Status changed from 7 to Pending Backport
- Backport set to jewel kraken
#10 Updated by Nathan Cutler over 6 years ago
- Copied to Backport #20724: jewel: Content-MD5 header is not validated with POST uploads added
#11 Updated by Nathan Cutler over 6 years ago
- Copied to Backport #20725: kraken: Content-MD5 header is not validated with POST uploads added
#12 Updated by Nathan Cutler over 5 years ago
- Status changed from Pending Backport to Resolved