From: Abhishek Lekshmanan <abhishek@suse.com>
Date: Wed, 7 Aug 2019 15:09:32 +0000 (+0200)
Subject: rgw: asio: check the remote endpoint before processing requests
X-Git-Tag: archive/raspbian/12.2.11+dfsg1-2.1+rpi1+deb10u1^2~19
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=3ec3c59038030228752be55279da1e6046bd2935;p=ceph.git

rgw: asio: check the remote endpoint before processing requests

`socket.remote_endpoint()` can throw exceptions corresponding to errors in the
`getpeername` syscall, make sure these are handled.

Fixes: CVE-2019-10222, https://tracker.ceph.com/issues/40018
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>

Origin: upstream, https://github.com/ceph/ceph/commit/6171399fdedd928b4249d135b4036e3de25079aa

Gbp-Pq: Name CVE-2019-10222.patch
---

diff --git a/src/rgw/rgw_asio_frontend.cc b/src/rgw/rgw_asio_frontend.cc
index e974ae7bf..d2dedd004 100644
--- a/src/rgw/rgw_asio_frontend.cc
+++ b/src/rgw/rgw_asio_frontend.cc
@@ -165,9 +165,15 @@ void handle_connection(RGWProcessEnv& env, Stream& stream,
     RGWRequest req{env.store->get_new_req_id()};
 
     auto& socket = stream.lowest_layer();
+    const auto& remote_endpoint = socket.remote_endpoint(ec);
+    if (ec) {
+        ldout(cct, 1) << "failed to connect client: " << ec.message() << dendl;
+        return;
+    }
+
     StreamIO<Stream> real_client{stream, parser, buffer, is_ssl,
                                  socket.local_endpoint(),
-                                 socket.remote_endpoint()};
+                                 remote_endpoint};
 
     auto real_client_io = rgw::io::add_reordering(
                             rgw::io::add_buffering(cct,