Actions
Bug #58111
closedcrash: verify_bucket_owner_or_policy
% Done:
100%
Source:
Community (user)
Tags:
backport_processed
Backport:
pacific quincy
Regression:
No
Severity:
3 - minor
Reviewed:
Description
When executing 's3cmd ls s3://a:', rgw was terminated.
ceph version 18.0.0-1025-gb1974230208 (b197423020829e2b98ae1ea48bacaf0d82e53b21) reef (dev) 1: /lib64/libpthread.so.0(+0x12ce0) [0x7fc131ce2ce0] 2: (verify_bucket_owner_or_policy(req_state*, unsigned long)+0x30) [0x555983571d14] 3: (RGWGetBucketLocation::verify_permission(optional_yield)+0x43) [0x555983616059] 4: (rgw_process_authenticated(RGWHandler_REST*, RGWOp*&, RGWRequest*, req_state*, optional_yield, rgw::sal::Store*, bool)+0x11bd) [0x5559833 90959] 5: (process_request(rgw::sal::Store*, RGWREST*, RGWRequest*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, rgw::auth::StrategyRegistry const&, RGWRestfulIO*, OpsLogSink*, optional_yield, rgw::dmclock::Scheduler*, std::__cxx11::basic_string <char, std::char_traits<char>, std::allocator<char> >*, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >*, std::shared_ptr< RateLimiter>, rgw::lua::Background*, std::unique_ptr<rgw::sal::LuaManager, std::default_delete<rgw::sal::LuaManager> >&, int*)+0x2fec) [0x555 983395885] 6: /ceph/build/bin/radosgw(+0xbc0cc6) [0x5559832c7cc6] 7: /ceph/build/bin/radosgw(+0xbc1757) [0x5559832c8757] 8: /ceph/build/bin/radosgw(+0xbc190f) [0x5559832c890f] 9: /ceph/build/bin/radosgw(+0xbc1b0c) [0x5559832c8b0c] 10: make_fcontext()
The reason is that the bucket name includes a colon, which is the same issue as https://tracker.ceph.com/issues/56248.
But the patches commented in the tracker cover only a portion of a code path, so the problem of the rgw crash still remains.
In addition, the response code is inconsistent.
When requesting "list" to a non-existent bucket, rgw normally returns 404(Not Found).
But if the bucket name includes a colon, rgw returns 403(Forbidden).
I think both cases should return 404(Not Found) or the second case should return 400(Invalid request).
Updated by Ilsoo Byun over 1 year ago
$ s3cmd --debug ls s3://a:
DEBUG: s3cmd version 2.2.0
DEBUG: ConfigParser: Reading file '/root/.s3cfg'
DEBUG: ConfigParser: access_key->05...17_chars...4
DEBUG: ConfigParser: secret_key->h7...53_chars...=
DEBUG: ConfigParser: host_base->127.0.0.1:8000
DEBUG: ConfigParser: host_bucket->127.0.0.1:8000
DEBUG: ConfigParser: use_https->False
DEBUG: Updating Config.Config cache_file ->
DEBUG: Updating Config.Config follow_symlinks -> False
DEBUG: Updating Config.Config verbosity -> 10
DEBUG: Command: ls
DEBUG: Bucket 's3://a:':
DEBUG: CreateRequest: resource[uri]=/
DEBUG: ===== SEND Inner request to determine the bucket region =====
DEBUG: CreateRequest: resource[uri]=/
DEBUG: Using signature v4
DEBUG: get_hostname(a:): 127.0.0.1:8000
DEBUG: canonical_headers = host:127.0.0.1:8000
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20221129T094112Z
DEBUG: Canonical Request:
GET
/a%3A/
location=
host:127.0.0.1:8000
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20221129T094112Z
host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
----------------------
DEBUG: signature-v4 headers: {'x-amz-date': '20221129T094112Z', 'Authorization': 'AWS4-HMAC-SHA256 Credential=0555b35654ad1656d804/20221129/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=69f94cd101d7c29b3a6b71126ee393bf0661602fe3b3c339927e56ee5f69b74e', 'x-amz-content-sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'}
DEBUG: Processing request, please wait...
DEBUG: get_hostname(a:): 127.0.0.1:8000
DEBUG: ConnMan.get(): creating new connection: http://127.0.0.1:8000
DEBUG: non-proxied HTTPConnection(127.0.0.1, 8000)
DEBUG: format_uri(): /a%3A/?location
DEBUG: Sending request method_string='GET', uri='/a%3A/?location', headers={'x-amz-date': '20221129T094112Z', 'Authorization': 'AWS4-HMAC-SHA256 Credential=0555b35654ad1656d804/20221129/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=69f94cd101d7c29b3a6b71126ee393bf0661602fe3b3c339927e56ee5f69b74e', 'x-amz-content-sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'}, body=(0 bytes)
DEBUG: Response:
{}
WARNING: Retrying failed request: /?location (Remote end closed connection without response)
WARNING: Waiting 3 sec...
Updated by Casey Bodley over 1 year ago
- Priority changed from Normal to Urgent
- Backport set to pacific quincy
Updated by Casey Bodley over 1 year ago
- Status changed from New to Fix Under Review
- Pull request ID set to 49141
Updated by Casey Bodley over 1 year ago
- Status changed from Fix Under Review to Pending Backport
Updated by Backport Bot over 1 year ago
- Copied to Backport #58275: pacific: crash: verify_bucket_owner_or_policy added
Updated by Backport Bot over 1 year ago
- Copied to Backport #58276: quincy: crash: verify_bucket_owner_or_policy added
Updated by Konstantin Shalygin 6 months ago
- Status changed from Pending Backport to Resolved
- % Done changed from 0 to 100
Updated by Konstantin Shalygin 4 months ago
- Assignee set to Casey Bodley
- Source set to Community (user)
Actions