Bug #19249

closed

rgw: unsafe access in RGWListBucket_ObjStore_SWIFT::send_response()

Added by Yehuda Sadeh about 7 years ago. Updated almost 7 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Target version: -
% Done: 0%
Source:
Tags:
Backport: kraken, jewel
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

iter->key is accessed even if iter == objs.end():

  while (iter != objs.end() || pref_iter != common_prefixes.end()) {
    bool do_pref = false;
    bool do_objs = false;
    rgw_obj_key& key = iter->key;
    if (pref_iter == common_prefixes.end())
      do_objs = true;
    else if (iter == objs.end())
      do_pref = true;
    else if (key.name.compare(pref_iter->first) == 0) {
      do_objs = true;
      ++pref_iter;
    } else if (key.name.compare(pref_iter->first) <= 0)
      do_objs = true;
    else
      do_pref = true;

This caused an issue in another branch where we don't take a ref to iter->key, but copy it. We should avoid accessing it anyway.
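The pattern reported above, restructured so that the object iterator is read only after both end checks have passed. This is an added example, not code from the Ceph tree or from the fix that closed this issue; `Entry`, `merge_listing` and the emitted `obj:`/`prefix:` strings are hypothetical stand-ins for the real listing types and response output.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Hypothetical stand-in for a bucket listing entry; only the key name is modelled.
struct Entry { std::string name; };

// Merge sorted objects and sorted common prefixes into one ordered listing.
// iter is dereferenced only on paths where iter != objs.end() is established.
std::vector<std::string> merge_listing(
    const std::vector<Entry>& objs,
    const std::map<std::string, bool>& common_prefixes) {
  std::vector<std::string> out;
  auto iter = objs.begin();
  auto pref_iter = common_prefixes.begin();
  while (iter != objs.end() || pref_iter != common_prefixes.end()) {
    bool do_pref = false;
    bool do_objs = false;
    if (pref_iter == common_prefixes.end()) {
      do_objs = true;  // loop condition implies iter != objs.end()
    } else if (iter == objs.end()) {
      do_pref = true;  // objects exhausted: iter must not be touched
    } else {           // both iterators valid, so the key can be read
      const int cmp = iter->name.compare(pref_iter->first);
      if (cmp == 0) {
        do_objs = true;
        ++pref_iter;
      } else if (cmp < 0) {
        do_objs = true;
      } else {
        do_pref = true;
      }
    }
    if (do_objs) {
      out.push_back("obj:" + iter->name);  // constructed output format
      ++iter;
    } else if (do_pref) {
      out.push_back("prefix:" + pref_iter->first);
      ++pref_iter;
    }
  }
  return out;
}

int main() {  // constructed input: no objects left, one prefix remaining
  for (const auto& l : merge_listing({}, std::map<std::string, bool>{{"photos/", true}}))
    std::cout << l << '\n';
}
```

The empty-objects input in `main` is the case from the report: the loop still runs because prefixes remain, and the restructured branches never read through `iter`.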


Related issues: 2 (0 open, 2 closed)

Copied to rgw - Backport #19574: kraken: rgw: unsafe access in RGWListBucket_ObjStore_SWIFT::send_response() - Resolved - Nathan Cutler
Copied to rgw - Backport #19575: jewel: rgw: unsafe access in RGWListBucket_ObjStore_SWIFT::send_response() - Resolved - Nathan Cutler

#2

Updated by Nathan Cutler about 7 years ago

  • Backport set to kraken

#3

Updated by Nathan Cutler about 7 years ago

  • Backport changed from kraken to kraken, jewel

#4

Updated by Nathan Cutler about 7 years ago

  • Copied to Backport #19574: kraken: rgw: unsafe access in RGWListBucket_ObjStore_SWIFT::send_response() added

#5

Updated by Nathan Cutler about 7 years ago

  • Copied to Backport #19575: jewel: rgw: unsafe access in RGWListBucket_ObjStore_SWIFT::send_response() added

#6

Updated by Nathan Cutler almost 7 years ago

  • Status changed from Pending Backport to Resolved