Fix #41376

Sanitize HTTP_X_AUTH_TOKEN http header element to remove trailing <CR> and <LF> characters

Added by Mark Kogan 29 days ago.

Status:
Verified
Priority:
Normal
Assignee:
Target version:
Start date:
08/21/2019
Due date:
% Done:

0%

Source:
Support
Tags:
Backport:
yes
Reviewed:
ceph-qa-suite:
Pull request ID:

Description

The trailing <CR> and <LF> characters in the HTTP_X_AUTH_TOKEN HTTP header
cause Swift requests to fail authentication:

2019-08-18 19:24:19.045115 7fd50dd99700 20 HTTP_X_AUTH_TOKEN=AUTH_rgwtk110000006c626865616c746863686b3a7377696674b12a50488693ce3ba22f5b5d6d00221faa0e55d983da2f4d2821c4de915b3346398bfaee^M
                                                                                                                                                                                         ^^
2019-08-18 19:24:19.045118 7fd50dd99700 20 REQUEST_METHOD=GET
2019-08-18 19:21:58.988801 7fd50ed9b700 10 op=24RGWGetObj_ObjStore_SWIFT
2019-08-18 19:21:58.988802 7fd50ed9b700  2 req 31:0.000067:swift:GET /swift/v1/1-5SIIR/b59fc18a-8b68-4c41-a0dd-5075fc0d9705:get_obj:verifying requester
2019-08-18 19:21:58.988805 7fd50ed9b700 20 rgw::auth::swift::DefaultStrategy: trying rgw::auth::swift::TempURLEngine
2019-08-18 19:21:58.988807 7fd50ed9b700 20 rgw::auth::swift::TempURLEngine denied with reason=-13
2019-08-18 19:21:58.988808 7fd50ed9b700 20 rgw::auth::swift::DefaultStrategy: trying rgw::auth::swift::SignedTokenEngine
2019-08-18 19:21:58.988811 7fd50ed9b700 20 rgw::auth::swift::SignedTokenEngine denied with reason=-1
                                                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2019-08-18 19:21:58.988813 7fd50ed9b700 20 rgw::auth::swift::DefaultStrategy: trying rgw::auth::swift::SwiftAnonymousEngine
2019-08-18 19:21:58.988814 7fd50ed9b700 20 rgw::auth::swift::SwiftAnonymousEngine denied with reason=-1
2019-08-18 19:21:58.988815 7fd50ed9b700  5 Failed the auth strategy, reason=-1
2019-08-18 19:21:58.988816 7fd50ed9b700 10 failed to authorize request
2019-08-18 19:24:19.045334 7fd50dd99700  1 ====== req done req=0x7fd50dd92f70 op status=0 http_status=401 ======
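
The sanitization this issue asks for, as an added example (not code from the Ceph tree or from the fix itself): strip only trailing CR/LF from the header value before it reaches token validation. The function names, the strict format check and the sample token are assumptions made for illustration; only the AUTH_rgwtk prefix is taken from the log above.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Remove trailing CR/LF bytes only. Embedded CR/LF is left in place on
// purpose so that the format check below still rejects it.
std::string strip_trailing_crlf(const std::string& v) {
  const std::string::size_type end = v.find_last_not_of("\r\n");
  return end == std::string::npos ? std::string() : v.substr(0, end + 1);
}

// True when the raw value ended in at least one CR or LF (worth logging).
bool has_trailing_crlf(const std::string& v) {
  return strip_trailing_crlf(v).size() != v.size();
}

// Hypothetical strict format check, not RGW's parser: the prefix seen in
// the log, followed by a non-empty, even-length run of hex digits.
bool looks_like_signed_token(const std::string& v) {
  const std::string prefix = "AUTH_rgwtk";
  if (v.compare(0, prefix.size(), prefix) != 0) return false;
  const std::string body = v.substr(prefix.size());
  if (body.empty() || body.size() % 2 != 0) return false;
  for (unsigned char c : body) {
    if (!std::isxdigit(c)) return false;
  }
  return true;
}

// Constructed sample header value with a trailing CR, shaped like the
// token in the log (the hex body is made up).
const std::string kRawHeader = "AUTH_rgwtk0a1b2c3d4e5f\r";

int main() {
  const std::string clean = strip_trailing_crlf(kRawHeader);
  std::cout << "trailing CR/LF present: " << has_trailing_crlf(kRawHeader) << "\n"
            << "raw value accepted:     " << looks_like_signed_token(kRawHeader) << "\n"
            << "clean value accepted:   " << looks_like_signed_token(clean) << "\n";
  return 0;
}
```

A value with CR or LF anywhere other than the end still fails the format check after stripping, so the sanitization does not widen what is accepted.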
