CVE-2023-43040 rgw: Fix bucket validation against POST policies
author Joshua Baergen <jbaergen@digitalocean.com>
Wed, 17 May 2023 18:17:09 +0000 (12:17 -0600)
committer Thomas Goirand <zigo@debian.org>
Mon, 9 Oct 2023 06:53:31 +0000 (07:53 +0100)
commit d9d838f7b30bd09b1d2f6fea62079834dd89f510
tree f3b33629c48ae42e0ef09886133a7e7f6a0a8ec3
parent 9b732e36637bc38a77d05fe0525854fd60538e5b
CVE-2023-43040 rgw: Fix bucket validation against POST policies

Bug: https://tracker.ceph.com/issues/63004
Signed-off-by: Joshua Baergen <jbaergen@digitalocean.com>
Origin: https://github.com/ceph/ceph/commit/98bfb71cb38899333deb58dd2562037450fd7fa8.patch
Last-Date: 2024-10-09

It's possible that a user could provide a form part as a part of a POST
object upload that uses 'bucket' as a key; in this case, it was
overriding what was being set in the validation env (which is the real
bucket being modified). The result of this is that a user could actually
upload to any bucket accessible by the specified access key by matching
the bucket in the POST policy in said POST form part.

Fix this simply by setting the bucket to the correct value after the
POST form parts are processed, ignoring the form part above if
specified.

Gbp-Pq: Name CVE-2023-43040_rgw_Fix_bucket_validation_against_POST_policies.patch
src/rgw/rgw_rest_s3.cc
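
The ordering problem described in the commit message, reduced to a small model that can be used as a regression check. This is an added example, not Ceph's code: the function names, the exact-match policy check and the sample bucket names are assumptions made for illustration.

```cpp
// Simplified model of POST-policy bucket validation (illustrative names, not Ceph's code).
#include <iostream>
#include <map>
#include <string>
#include <utility>
#include <vector>

using Env = std::map<std::string, std::string>;
using FormParts = std::vector<std::pair<std::string, std::string>>;

// Exact-match policy check: every condition key must be in env with the same value.
bool policy_matches(const Env& conditions, const Env& env) {
    for (const auto& cond : conditions) {
        auto it = env.find(cond.first);
        if (it == env.end() || it->second != cond.second) return false;
    }
    return true;
}

// Ordering the commit message describes as the bug: the real bucket is set first,
// then form parts are copied in, so a part keyed "bucket" overwrites it.
Env env_before_fix(const std::string& real_bucket, const FormParts& parts) {
    Env env;
    env["bucket"] = real_bucket;
    for (const auto& p : parts) env[p.first] = p.second;
    return env;
}

// Ordering the commit message describes as the fix: form parts are processed first,
// then the bucket is set to the real target, ignoring any "bucket" form part.
Env env_after_fix(const std::string& real_bucket, const FormParts& parts) {
    Env env;
    for (const auto& p : parts) env[p.first] = p.second;
    env["bucket"] = real_bucket;
    return env;
}

int main() {
    // Constructed sample: policy written for "uploads", request aimed at "private".
    Env policy;
    policy["bucket"] = "uploads";
    const FormParts parts{{"key", "report.txt"}, {"bucket", "uploads"}};
    std::cout << std::boolalpha
              << "before fix, mismatched bucket accepted: "
              << policy_matches(policy, env_before_fix("private", parts)) << "\n"
              << "after fix, mismatched bucket accepted:  "
              << policy_matches(policy, env_after_fix("private", parts)) << "\n";
    return 0;
}
```

A request whose real bucket matches the policy still validates with the corrected ordering, so the check only rejects the mismatched case.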