Actions
Bug #23663
closedlibcurl ignores headers with empty value, leading to signature mismatches
% Done:
0%
Source:
Tags:
curl multisite
Backport:
jewel, luminous
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
From https://curl.haxx.se/libcurl/c/CURLOPT_HTTPHEADER.html:
If you add a header with no content as in 'Accept:' (no data on the right side of the colon), the internally used header will get disabled. With this option you can add new headers, replace internal headers and remove internal headers. To add a header with no content (nothing to the right side of the colon), use the form 'MyHeader;' (note the ending semicolon).
This shows up in multisite when requests are forwarded to the master zone. If the original request has a header in x_meta_map with an empty value, it's included in our signature but isn't actually sent over the wire. The receiver is then unable to calculate the correct signature.
Updated by Casey Bodley about 6 years ago
- Status changed from New to Fix Under Review
Updated by Orit Wasserman about 6 years ago
- Status changed from Fix Under Review to 17
Updated by Casey Bodley almost 6 years ago
- Status changed from 17 to Pending Backport
Updated by Nathan Cutler almost 6 years ago
- Copied to Backport #23906: luminous: libcurl ignores headers with empty value, leading to signature mismatches added
Updated by Nathan Cutler almost 6 years ago
- Copied to Backport #23907: jewel: libcurl ignores headers with empty value, leading to signature mismatches added
Updated by Nathan Cutler over 5 years ago
- Status changed from Pending Backport to Resolved
Actions