Project

General

Profile

Bug #51715

rgw: avoid occuring radosgw daemon crash when access a conditionally redirected static website

Added by XiangRui Meng 2 months ago. Updated about 2 months ago.

Status:
Pending Backport
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Tags:
website
Backport:
octopus pacific
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Suppose that I have a bucket named www.example.com and my bucket contains the following objects:
index.html
error.html
docs/index.html
docs/error.html
documents/index.html
documents/error.html
I decide to redirect requests for prefix docs/ to documents/. Suppose the host name is objects-website-region.domain.com, then I add two cname records in the DNS configuration.

*.objects-website-region.domain.com. IN CNAME objects-website-region.domain.com.
www.example.com. IN CNAME www.example.com.objects-website-region.domain.com.

when I access http://www.example.com/docs/, then it can redirect to http://www.example.com/documents/ and display index.html's content. However, when I access http://www.example.com/docs only lack the ending slash(/), rgw will crash. The reason is using substr which cause memory read out of bounds. As a result, if I access http://www.example.com/docs, it should also redirect to http://www.example.com/documents/. My reading of https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-page-redirect.html in “Example 1: Redirect after renaming a key prefix” chapter explain this scene. In addition, the logfile shows:

0> 2021-07-16 22:02:01.325 7febb290c700 -1 *** Caught signal (Aborted) **
 in thread 7febb290c700 thread_name:radosgw

 ceph version 14.2.8-3 (5329fd908a5671ddf167ae9d2fe7aac4175d923e) nautilus (stable)
 1: (()+0xf5f0) [0x7fecd47725f0]
 2: (gsignal()+0x37) [0x7fecd3bac337]
 3: (abort()+0x148) [0x7fecd3bada28]
 4: (__gnu_cxx::__verbose_terminate_handler()+0x165) [0x7fecd44bc7d5]
 5: (()+0x5e746) [0x7fecd44ba746]
 6: (()+0x5e773) [0x7fecd44ba773]
 7: (()+0x5e993) [0x7fecd44ba993]
 8: (virtual thunk to boost::exception_detail::clone_impl<boost::exception_detail::current_exception_std_exception_wrapper<std::out_of_range> >::rethrow() const+0x6e) [0x55a537a7b83e]
 9: (boost::rethrow_exception(boost::exception_ptr const&)+0xd) [0x55a537a6d19d]
 10: (boost::coroutines::detail::push_coroutine_impl<void>::push()+0x4e) [0x55a537a6d28e]
 11: (boost::asio::detail::executor_function<ceph::async::ForwardingHandler<ceph::async::CompletionHandler<boost::asio::detail::coro_handler<boost::asio::executor_binder<void (*)(), boost::asio::executor>, std::shared_lock<ceph::async::SharedMutex<boost::asio::io_context::executor_type> > >, std::tuple<boost::system::error_code, std::shared_lock<ceph::async::SharedMutex<boost::asio::io_context::executor_type> > > > >, std::allocator<void> >::do_complete(boost::asio::detail::executor_function_base*, bool)+0x16d) [0x55a537a7783d]
 12: (boost::asio::detail::executor_op<boost::asio::executor::function, std::allocator<void>, boost::asio::detail::scheduler_operation>::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long)+0x5c) [0x55a537ab11fc]
 13: (boost::asio::detail::strand_executor_service::invoker<boost::asio::io_context::executor_type const>::operator()()+0x85) [0x55a537a89585]
 14: (boost::asio::detail::executor_op<boost::asio::detail::strand_executor_service::invoker<boost::asio::io_context::executor_type const>, boost::asio::detail::recycling_allocator<void, boost::asio::detail::thread_info_base::default_tag>, boost::asio::detail::scheduler_operation>::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long)+0x94) [0x55a537a898e4]
 15: (boost::asio::detail::scheduler::run(boost::system::error_code&)+0x4ca) [0x55a537a6fdaa]
 16: (()+0x30fe12) [0x55a537a53e12]
 17: (()+0x80e12f) [0x7fecd80f512f]
 18: (()+0x7e65) [0x7fecd476ae65]
 19: (clone()+0x6d) [0x7fecd3c7488d]
 NOTE: a copy of the executable, or `objdump -rdS <executable>` is needed to interpret this.

Related issues

Copied to rgw - Backport #52007: pacific: rgw: avoid occuring radosgw daemon crash when access a conditionally redirected static website Resolved
Copied to rgw - Backport #52008: octopus: rgw: avoid occuring radosgw daemon crash when access a conditionally redirected static website New

History

#2 Updated by Daniel Gryniewicz 2 months ago

  • Status changed from New to Fix Under Review
  • Pull request ID set to 42382

#3 Updated by Casey Bodley about 2 months ago

  • Status changed from Fix Under Review to Pending Backport
  • Backport set to octopus pacific

#4 Updated by Backport Bot about 2 months ago

  • Copied to Backport #52007: pacific: rgw: avoid occuring radosgw daemon crash when access a conditionally redirected static website added

#5 Updated by Backport Bot about 2 months ago

  • Copied to Backport #52008: octopus: rgw: avoid occuring radosgw daemon crash when access a conditionally redirected static website added

Also available in: Atom PDF