Bug #51715
closedrgw: avoid occuring radosgw daemon crash when access a conditionally redirected static website
100%
Description
Suppose that I have a bucket named www.example.com and my bucket contains the following objects:
index.html
error.html
docs/index.html
docs/error.html
documents/index.html
documents/error.html
I decide to redirect requests for prefix docs/ to documents/. Suppose the host name is objects-website-region.domain.com, then I add two cname records in the DNS configuration.
*.objects-website-region.domain.com. IN CNAME objects-website-region.domain.com.
www.example.com. IN CNAME www.example.com.objects-website-region.domain.com.
when I access http://www.example.com/docs/, then it can redirect to http://www.example.com/documents/ and display index.html's content. However, when I access http://www.example.com/docs only lack the ending slash(/), rgw will crash. The reason is using substr which cause memory read out of bounds. As a result, if I access http://www.example.com/docs, it should also redirect to http://www.example.com/documents/. My reading of https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-page-redirect.html in “Example 1: Redirect after renaming a key prefix” chapter explain this scene. In addition, the logfile shows:
0> 2021-07-16 22:02:01.325 7febb290c700 -1 *** Caught signal (Aborted) ** in thread 7febb290c700 thread_name:radosgw ceph version 14.2.8-3 (5329fd908a5671ddf167ae9d2fe7aac4175d923e) nautilus (stable) 1: (()+0xf5f0) [0x7fecd47725f0] 2: (gsignal()+0x37) [0x7fecd3bac337] 3: (abort()+0x148) [0x7fecd3bada28] 4: (__gnu_cxx::__verbose_terminate_handler()+0x165) [0x7fecd44bc7d5] 5: (()+0x5e746) [0x7fecd44ba746] 6: (()+0x5e773) [0x7fecd44ba773] 7: (()+0x5e993) [0x7fecd44ba993] 8: (virtual thunk to boost::exception_detail::clone_impl<boost::exception_detail::current_exception_std_exception_wrapper<std::out_of_range> >::rethrow() const+0x6e) [0x55a537a7b83e] 9: (boost::rethrow_exception(boost::exception_ptr const&)+0xd) [0x55a537a6d19d] 10: (boost::coroutines::detail::push_coroutine_impl<void>::push()+0x4e) [0x55a537a6d28e] 11: (boost::asio::detail::executor_function<ceph::async::ForwardingHandler<ceph::async::CompletionHandler<boost::asio::detail::coro_handler<boost::asio::executor_binder<void (*)(), boost::asio::executor>, std::shared_lock<ceph::async::SharedMutex<boost::asio::io_context::executor_type> > >, std::tuple<boost::system::error_code, std::shared_lock<ceph::async::SharedMutex<boost::asio::io_context::executor_type> > > > >, std::allocator<void> >::do_complete(boost::asio::detail::executor_function_base*, bool)+0x16d) [0x55a537a7783d] 12: (boost::asio::detail::executor_op<boost::asio::executor::function, std::allocator<void>, boost::asio::detail::scheduler_operation>::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long)+0x5c) [0x55a537ab11fc] 13: (boost::asio::detail::strand_executor_service::invoker<boost::asio::io_context::executor_type const>::operator()()+0x85) [0x55a537a89585] 14: (boost::asio::detail::executor_op<boost::asio::detail::strand_executor_service::invoker<boost::asio::io_context::executor_type const>, boost::asio::detail::recycling_allocator<void, boost::asio::detail::thread_info_base::default_tag>, boost::asio::detail::scheduler_operation>::do_complete(void*, boost::asio::detail::scheduler_operation*, boost::system::error_code const&, unsigned long)+0x94) [0x55a537a898e4] 15: (boost::asio::detail::scheduler::run(boost::system::error_code&)+0x4ca) [0x55a537a6fdaa] 16: (()+0x30fe12) [0x55a537a53e12] 17: (()+0x80e12f) [0x7fecd80f512f] 18: (()+0x7e65) [0x7fecd476ae65] 19: (clone()+0x6d) [0x7fecd3c7488d] NOTE: a copy of the executable, or `objdump -rdS <executable>` is needed to interpret this.
Updated by XiangRui Meng almost 3 years ago
Updated by Daniel Gryniewicz almost 3 years ago
- Status changed from New to Fix Under Review
- Pull request ID set to 42382
Updated by Casey Bodley over 2 years ago
- Status changed from Fix Under Review to Pending Backport
- Backport set to octopus pacific
Updated by Backport Bot over 2 years ago
- Copied to Backport #52007: pacific: rgw: avoid occuring radosgw daemon crash when access a conditionally redirected static website added
Updated by Backport Bot over 2 years ago
- Copied to Backport #52008: octopus: rgw: avoid occuring radosgw daemon crash when access a conditionally redirected static website added
Updated by Backport Bot over 1 year ago
- Tags changed from website to website backport_processed
Updated by Konstantin Shalygin about 1 year ago
- Status changed from Pending Backport to Resolved
- % Done changed from 0 to 100