projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fdfa48f) | patch
rgw: sanitize \r in s3 CORSConfiguration's ExposeHeader
authorCasey Bodley <cbodley@redhat.com>
Tue, 4 May 2021 12:32:58 +0000 (08:32 -0400)
committerBastien Roucariès <rouca@debian.org>
Sat, 21 Oct 2023 16:42:26 +0000 (17:42 +0100)
commitaba4664babc033b5c15d919388e7a68a1316317c
treec278e54d08864370c085ce0fcc399ecfc6975e79tree | snapshot
parentfdfa48ff4592088f27cf62be72cec01b8055342acommit | diff
rgw: sanitize \r in s3 CORSConfiguration's ExposeHeader

follows up on 1524d3c0c5cb11775313ea1e2bb36a93257947f2 to escape \r as
well

Fixes: CVE-2021-3524
Reported-by: Sergey Bobrov <Sergey.Bobrov@kaspersky.com>
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 87806f48e7a1b8891eb90711f1cedd26f1119aac)

Origin: upstream, https://github.com/ceph/ceph/commit/763aebb94678018f89427137ffbc0c5205b1edc1

Gbp-Pq: Name CVE-2021-3524.patch
src/rgw/rgw_cors.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.