Project

General

Profile

Actions
Copy link

Bug #1053

closed

rgw XML parsing exploits and flaws

Added by Colin McCabe almost 13 years ago. Updated almost 13 years ago.

Status:
Resolved
Priority:
High
Assignee:
Colin McCabe
Category:
-
Target version:
v0.28
% Done:

100%

Source:
Tags:
Backport:
Regression:
Severity:
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

RGW must never segfault on bad network input. It should handle optional XML fields.

Subtasks 1 (0 open1 closed)

Tasks #1055: RGW segfaults if the Owner field is not set in an ACL (subtask)ResolvedColin McCabe05/04/2011

Actions
Actions
Copy link
 #1

Updated by Colin McCabe almost 13 years ago

  • Status changed from New to Resolved

I was afraid that there were more mistakes like #1055 in the code, but it looks like the other XML parsing stuff isn't quite as bad.

I did a quick survey of optional fields, and it looks like a544bda7577321c4d6ecf7664a9363180984da56 and a544bda7577321c4d6ecf7664a9363180984da56 should cover it.

Actions
Copy link

Also available in: Atom PDF