Bug #58111

crash: verify_bucket_owner_or_policy

Added by Ilsoo Byun 2 months ago. Updated about 2 months ago.

Status: Pending Backport
Priority: Urgent
Assignee: -
Target version: -
% Done: 0%
Source:
Tags: backport_processed
Backport: pacific quincy
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

When executing 's3cmd ls s3://a:', rgw was terminated.

 ceph version 18.0.0-1025-gb1974230208 (b197423020829e2b98ae1ea48bacaf0d82e53b21) reef (dev)
 1: /lib64/libpthread.so.0(+0x12ce0) [0x7fc131ce2ce0]
 2: (verify_bucket_owner_or_policy(req_state*, unsigned long)+0x30) [0x555983571d14]
 3: (RGWGetBucketLocation::verify_permission(optional_yield)+0x43) [0x555983616059]
 4: (rgw_process_authenticated(RGWHandler_REST*, RGWOp*&, RGWRequest*, req_state*, optional_yield, rgw::sal::Store*, bool)+0x11bd) [0x555983390959]
 5: (process_request(rgw::sal::Store*, RGWREST*, RGWRequest*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, rgw::auth::StrategyRegistry const&, RGWRestfulIO*, OpsLogSink*, optional_yield, rgw::dmclock::Scheduler*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::chrono::duration<unsigned long, std::ratio<1l, 1000000000l> >*, std::shared_ptr<RateLimiter>, rgw::lua::Background*, std::unique_ptr<rgw::sal::LuaManager, std::default_delete<rgw::sal::LuaManager> >&, int*)+0x2fec) [0x555983395885]
 6: /ceph/build/bin/radosgw(+0xbc0cc6) [0x5559832c7cc6]
 7: /ceph/build/bin/radosgw(+0xbc1757) [0x5559832c8757]
 8: /ceph/build/bin/radosgw(+0xbc190f) [0x5559832c890f]
 9: /ceph/build/bin/radosgw(+0xbc1b0c) [0x5559832c8b0c]
 10: make_fcontext()

The reason is that the bucket name includes a colon, which is the same issue as https://tracker.ceph.com/issues/56248.
But the patches commented in the tracker cover only a portion of a code path, so the problem of the rgw crash still remains.

In addition, the response code is inconsistent.
When requesting "list" to a non-existent bucket, rgw normally returns 404(Not Found).
But if the bucket name includes a colon, rgw returns 403(Forbidden).

I think both cases should return 404(Not Found) or the second case should return 400(Invalid request).
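
Added example, not part of the original report and not Ceph's own code: a sketch of validating the URL bucket name before any permission check runs, following the report's second suggestion (400 for a malformed name). It assumes the colon is treated as a `tenant:bucket` separator, so that `a:` leaves an empty bucket part; `BucketRef`, `parse_url_bucket` and `status_for` are hypothetical names.

```cpp
#include <cerrno>
#include <initializer_list>
#include <iostream>
#include <string>

// Hypothetical result type for this example; not an RGW structure.
struct BucketRef {
    std::string tenant;
    std::string name;
};

// Split an already URL-decoded "tenant:bucket" name. Reject names whose
// bucket part is empty (e.g. "a:") or that contain a second colon, so that
// no later ownership/policy check runs without a bucket to check against.
// Returns 0 on success, -EINVAL on a malformed name.
int parse_url_bucket(const std::string& decoded, const std::string& auth_tenant,
                     BucketRef& out) {
    const auto pos = decoded.find(':');
    if (pos == std::string::npos) {
        out.tenant = auth_tenant;            // no explicit tenant: use the caller's
        out.name = decoded;
    } else {
        out.tenant = decoded.substr(0, pos);
        out.name = decoded.substr(pos + 1);
    }
    if (out.name.empty() || out.name.find(':') != std::string::npos)
        return -EINVAL;                      // "a:", ":", "a:b:c"
    return 0;
}

// Map the outcome to an HTTP status: 400 for a malformed name; otherwise
// the normal lookup decides (404 for a missing bucket, 200 when it exists).
int status_for(const std::string& decoded, bool bucket_exists) {
    BucketRef ref;
    if (parse_url_bucket(decoded, "", ref) < 0)
        return 400;
    return bucket_exists ? 200 : 404;
}

int main() {
    // Constructed sample names; "a:" is the one from the report.
    for (const char* name : {"a:", "a", "tenant1:photos", ":"})
        std::cout << '"' << name << "\" -> " << status_for(name, false) << '\n';
}
```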


Related issues

Copied to rgw - Backport #58275: pacific: crash: verify_bucket_owner_or_policy New
Copied to rgw - Backport #58276: quincy: crash: verify_bucket_owner_or_policy New

History

#1 Updated by Ilsoo Byun 2 months ago

$ s3cmd --debug ls s3://a:
DEBUG: s3cmd version 2.2.0
DEBUG: ConfigParser: Reading file '/root/.s3cfg'
DEBUG: ConfigParser: access_key->05...17_chars...4
DEBUG: ConfigParser: secret_key->h7...53_chars...=
DEBUG: ConfigParser: host_base->127.0.0.1:8000
DEBUG: ConfigParser: host_bucket->127.0.0.1:8000
DEBUG: ConfigParser: use_https->False
DEBUG: Updating Config.Config cache_file ->
DEBUG: Updating Config.Config follow_symlinks -> False
DEBUG: Updating Config.Config verbosity -> 10
DEBUG: Command: ls
DEBUG: Bucket 's3://a:':
DEBUG: CreateRequest: resource[uri]=/
DEBUG: ===== SEND Inner request to determine the bucket region =====
DEBUG: CreateRequest: resource[uri]=/
DEBUG: Using signature v4
DEBUG: get_hostname(a:): 127.0.0.1:8000
DEBUG: canonical_headers = host:127.0.0.1:8000
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20221129T094112Z

DEBUG: Canonical Request:
GET
/a%3A/
location=
host:127.0.0.1:8000
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20221129T094112Z

host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
----------------------
DEBUG: signature-v4 headers: {'x-amz-date': '20221129T094112Z', 'Authorization': 'AWS4-HMAC-SHA256 Credential=0555b35654ad1656d804/20221129/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=69f94cd101d7c29b3a6b71126ee393bf0661602fe3b3c339927e56ee5f69b74e', 'x-amz-content-sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'}
DEBUG: Processing request, please wait...
DEBUG: get_hostname(a:): 127.0.0.1:8000
DEBUG: ConnMan.get(): creating new connection: http://127.0.0.1:8000
DEBUG: non-proxied HTTPConnection(127.0.0.1, 8000)
DEBUG: format_uri(): /a%3A/?location
DEBUG: Sending request method_string='GET', uri='/a%3A/?location', headers={'x-amz-date': '20221129T094112Z', 'Authorization': 'AWS4-HMAC-SHA256 Credential=0555b35654ad1656d804/20221129/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=69f94cd101d7c29b3a6b71126ee393bf0661602fe3b3c339927e56ee5f69b74e', 'x-amz-content-sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'}, body=(0 bytes)
DEBUG: Response:
{}
WARNING: Retrying failed request: /?location (Remote end closed connection without response)
WARNING: Waiting 3 sec...

#2 Updated by Casey Bodley 2 months ago

  • Priority changed from Normal to Urgent
  • Backport set to pacific quincy

#3 Updated by Casey Bodley 2 months ago

  • Status changed from New to Fix Under Review
  • Pull request ID set to 49141

#4 Updated by Casey Bodley about 2 months ago

  • Status changed from Fix Under Review to Pending Backport

#5 Updated by Backport Bot about 2 months ago

  • Copied to Backport #58275: pacific: crash: verify_bucket_owner_or_policy added

#6 Updated by Backport Bot about 2 months ago

  • Copied to Backport #58276: quincy: crash: verify_bucket_owner_or_policy added

#7 Updated by Backport Bot about 2 months ago

  • Tags set to backport_processed
