From: Or Friedmann <ofriedma@redhat.com>
Date: Wed, 15 Jan 2020 19:15:53 +0000 (+0200)
Subject: rgw: improve beast
X-Git-Tag: archive/raspbian/12.2.11+dfsg1-2.1+rpi1+deb10u1^2~18
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3cd1818af7c22348a98bfa71441d5a47cbecdcce;p=ceph.git

rgw: improve beast

Avoid leaking connections that had partially-consumed
client data on unexpected disconnect.

Resolves CVE-2020-1700 (moderate impact flaw).

Fixes: https://tracker.ceph.com/issues/42531

Signed-off-by: Or Friedmann <ofriedma@redhat.com>
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

Origin: upstream, https://github.com/ceph/ceph/commit/ff72c50a2c43c57aead933eb4903ad1ca6d1748a

Gbp-Pq: Name CVE-2020-1700.patch
---

diff --git a/src/rgw/rgw_asio_frontend.cc b/src/rgw/rgw_asio_frontend.cc
index d2dedd004..0ccc46dd9 100644
--- a/src/rgw/rgw_asio_frontend.cc
+++ b/src/rgw/rgw_asio_frontend.cc
@@ -104,8 +104,7 @@ class StreamIO : public rgw::asio::ClientIO {
     while (body_remaining.size && !parser.is_done()) {
       boost::system::error_code ec;
       beast::http::read_some(stream, buffer, parser, ec);
-      if (ec == beast::http::error::partial_message ||
-          ec == beast::http::error::need_buffer) {
+      if (ec == beast::http::error::need_buffer) {
         break;
       }
       if (ec) {