From: Abhishek Lekshmanan <abhishek@suse.com>
Date: Wed, 22 Apr 2020 09:24:34 +0000 (+0200)
Subject: rgw: check for tagging element in POST Obj requests
X-Git-Tag: archive/raspbian/12.2.11+dfsg1-2.1+rpi1+deb10u1^2~13
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=b4873c149f740b331f5309082fc1796ae5c72eee;p=ceph.git

rgw: check for tagging element in POST Obj requests

Check for null element when reading the tagging field from POST obj XML

Fixes: https://tracker.ceph.com/issues/44967
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>

Origin: upstream, https://github.com/ceph/ceph/pull/34715

Gbp-Pq: Name CVE-2020-12059.patch
---

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index eb51e7536..2a935f099 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -1725,6 +1725,9 @@ int RGWPostObj_ObjStore_S3::get_tags()
     RGWObjTagging_S3 *tagging;
 
     tagging = static_cast<RGWObjTagging_S3 *>(parser.find_first("Tagging"));
+    if (!tagging) {
+      return -ERR_MALFORMED_XML;
+    }
     obj_tags_s3 = static_cast<RGWObjTagSet_S3 *>(tagging->find_first("TagSet"));
     if(!obj_tags_s3){
       return -ERR_MALFORMED_XML;