Bug #64084
open
Missing validation for request header x_amz_content_sha256
% Done:
0%
Source:
Tags:
sigv4 backport_processed
Backport:
quincy reef
Regression:
No
Severity:
3 - minor
Reviewed:
Description
"When the value of the x_amz_content_sha256 request header in the request is incorrect, the response status code is 200 OK, which does not meet the expected outcome."
When the value of x_amz_content_sha256 is a string that is not 64 characters long, the result returned upon sending a request to create a bucket is as follows:
@18d470fd3a9d ▶ sh create_bucket_ceph.sh
* Trying 127.0.0.1:8000...
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
> PUT /bkbk2 HTTP/1.1
> Host: 127.0.0.1:8000
> User-Agent: curl/7.76.1
> Accept: */*
> Authorization: AWS4-HMAC-SHA256 Credential=user1/20240118/default/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=460f797c5cc316d6686fc9d60cf6e7bf5440292341faf20e94ec37efe5a34fa9
> x-amz-content-sha256: hudiepwhfrue45w
> X-Amz-Date: 20240118T080246Z
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< x-amz-request-id: tx00000b6cdb4d31b0106b0-0065a8db26-4137-default
< Server: Ceph Object Gateway (squid)
< Content-Length: 0
< Date: Thu, 18 Jan 2024 08:02:48 GMT
< Connection: Keep-Alive
<
* Connection #0 to host 127.0.0.1 left intact
When the value of the x-amz-content-sha256 request header is incorrect, the bucket bkbk2 is created successfully without the request header being validated.
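The kind of check the report asks for, as an added C++ example (not code from the Ceph pull request): it classifies an x-amz-content-sha256 value by shape and rejects the value from the trace above. The helper names and the policy of refusing streaming markers on a bodyless request are assumptions of this sketch; the marker strings are the ones AWS Signature Version 4 defines.

```cpp
#include <algorithm>
#include <array>
#include <string_view>

// Outcome of inspecting an x-amz-content-sha256 header value.
enum class PayloadHash { HexDigest, Unsigned, Streaming, Invalid };

// Non-digest values defined by AWS Signature Version 4.
constexpr std::array<std::string_view, 5> kStreamingMarkers = {
    "STREAMING-UNSIGNED-PAYLOAD-TRAILER",
    "STREAMING-AWS4-HMAC-SHA256-PAYLOAD",
    "STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER",
    "STREAMING-AWS4-ECDSA-P256-SHA256-PAYLOAD",
    "STREAMING-AWS4-ECDSA-P256-SHA256-PAYLOAD-TRAILER",
};

// SHA-256 of a zero-length body, which a bodyless PUT must declare.
constexpr std::string_view kEmptySha256 =
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";

// Hypothetical helper: classify the header value by shape only.
PayloadHash classify_content_sha256(std::string_view v) {
  if (v == "UNSIGNED-PAYLOAD") return PayloadHash::Unsigned;
  if (std::find(kStreamingMarkers.begin(), kStreamingMarkers.end(), v) !=
      kStreamingMarkers.end())
    return PayloadHash::Streaming;
  // A digest is exactly 64 lowercase hex characters, as SigV4 encodes it.
  const bool hex = v.size() == 64 &&
      std::all_of(v.begin(), v.end(), [](char c) {
        return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f');
      });
  return hex ? PayloadHash::HexDigest : PayloadHash::Invalid;
}

// Hypothetical helper: may a request with Content-Length 0 proceed?
bool accept_empty_body_request(std::string_view header_value) {
  switch (classify_content_sha256(header_value)) {
    case PayloadHash::Unsigned:  return true;
    case PayloadHash::HexDigest: return header_value == kEmptySha256;
    default:                     return false;  // malformed, or streaming
                                                // marker with no chunks
  }
}
```

For requests that carry a body, the declared digest would be compared against the SHA-256 computed over the received bytes instead of the empty-body constant.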
#1
Updated by djf daijufang 4 months ago
- File image2024-1-18_17-7-30.png added
- File image2024-1-18_17-6-45.png added
The solution to this issue has been submitted to GitHub. The code link is: https://github.com/ceph/ceph/pull/55230.
The test results for this solution are shown in the following images.
Updated by Casey Bodley 4 months ago
- Status changed from New to Fix Under Review
- Tags set to sigv4
- Pull request ID set to 55230
Updated by Casey Bodley 3 months ago
- Project changed from Ceph to rgw
- Status changed from Fix Under Review to Pending Backport
- Assignee set to Casey Bodley
- Backport set to quincy reef
Updated by Backport Bot 3 months ago
- Copied to Backport #64379: reef: Missing validation for request header x_amz_content_sha256 added
Updated by Backport Bot 3 months ago
- Copied to Backport #64380: quincy: Missing validation for request header x_amz_content_sha256 added
Updated by Backport Bot 3 months ago
- Tags changed from sigv4 to sigv4 backport_processed
Updated by Casey Bodley 3 months ago
- Pull request ID changed from 55230 to 55250