rgw: check for tagging element in POST Obj requests

Check for null element when reading the tagging field from POST obj XML

Fixes: https://tracker.ceph.com/issues/44967
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
Origin: upstream, https://github.com/ceph/ceph/pull/34715

Gbp-Pq: Name CVE-2020-12059.patch

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index eb51e7536f3f0e495b949268875368d40f42104f..2a935f0997abb3933858d943cb624dd989a743b3 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -1725,6 +1725,9 @@ int RGWPostObj_ObjStore_S3::get_tags()
     RGWObjTagging_S3 *tagging;
 
     tagging = static_cast<RGWObjTagging_S3 *>(parser.find_first("Tagging"));
+    if (!tagging) {
+      return -ERR_MALFORMED_XML;
+    }
     obj_tags_s3 = static_cast<RGWObjTagSet_S3 *>(tagging->find_first("TagSet"));
     if(!obj_tags_s3){
       return -ERR_MALFORMED_XML;