Actions
Bug #19249
closedrgw: unsafe access in RGWListBucket_ObjStore_SWIFT::send_response()
Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
-
% Done:
0%
Source:
Tags:
Backport:
kraken, jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
iter->key is accessed even if iter == objs.end():
while (iter != objs.end() || pref_iter != common_prefixes.end()) { bool do_pref = false; bool do_objs = false; rgw_obj_key& key = iter->key; if (pref_iter == common_prefixes.end()) do_objs = true; else if (iter == objs.end()) do_pref = true; else if (key.name.compare(pref_iter->first) == 0) { do_objs = true; ++pref_iter; } else if (key.name.compare(pref_iter->first) <= 0) do_objs = true; else do_pref = true;
This caused an issue in another branch where we don't take a ref to iter->key, but copy it. We should avoid accessing it anyway.
Updated by Yehuda Sadeh about 7 years ago
- Status changed from New to Pending Backport
Updated by Nathan Cutler about 7 years ago
- Backport changed from kraken to kraken, jewel
Updated by Nathan Cutler about 7 years ago
- Copied to Backport #19574: kraken: rgw: unsafe access in RGWListBucket_ObjStore_SWIFT::send_response() added
Updated by Nathan Cutler about 7 years ago
- Copied to Backport #19575: jewel: rgw: unsafe access in RGWListBucket_ObjStore_SWIFT::send_response() added
Updated by Nathan Cutler almost 7 years ago
- Status changed from Pending Backport to Resolved
Actions