projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 04241f2) | patch
CVE-2022-3854: rgw: Guard against malformed bucket URLs
authorAdam C. Emerson <aemerson@redhat.com>
Fri, 8 Jul 2022 18:58:16 +0000 (14:58 -0400)
committerThomas Goirand <zigo@debian.org>
Fri, 29 Sep 2023 08:36:19 +0000 (09:36 +0100)
commit3b3cd5c2a5b3cbe85d7b97bdc3af5a1c31207f8c
treed6279f23d87e63df3ce1b5c9ccdd88c858720db3tree | snapshot
parent04241f20d29cd9d7811acd9edafe7ff2d38e6b22commit | diff
CVE-2022-3854: rgw: Guard against malformed bucket URLs

Fixes: https://tracker.ceph.com/issues/55765
Fixes: https://tracker.ceph.com/issues/56586
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
Origin: upstream, https://github.com/ceph/ceph/pull/47194/commits/9746e8011ff1de6de7dba9c0041e28a16c8f6828.patch
Bug-Debian: https://bugs.debian.org/1027151
Last-Update: 2022-01-09

Misplaced colons can result in radosgw thinking is has a bucket URL
but with no bucket name, leading to a crash later on.

Gbp-Pq: Name CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch
src/rgw/rgw_common.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.