fix CVE-2023-43040

Signed-off-by: wangzengliang <wangzengliang2@huawei.com> (cherry picked from commit 18f048121b48d30deab35eaabc6565c5bbd90dd4)
2023-10-18 11:24:18 +08:00 · 2023-10-18 11:24:18 +08:00 · 3c38ebd2e1
commit 3c38ebd2e1
parent 00fc75dcf6
2 changed files with 47 additions and 1 deletions
--- a/0027-fix-CVE-2023-43040.patch
+++ b/0027-fix-CVE-2023-43040.patch
@ -0,0 +1,41 @@
+From 62010cd68bb68207d51c2e373ff9a4a18a2b005c Mon Sep 17 00:00:00 2001
+From: wangzengliang <wangzengliang2@huawei.com>
+Date: Wed, 18 Oct 2023 11:18:56 +0800
+Subject: [PATCH] fix CVE-2023-43040
+
+Fixes: https://tracker.ceph.com/issues/63004
+copied-by: https://github.com/ceph/ceph/pull/53758
+signed-off-by: Joshua Baergen <jbaergen@gigitalocean.com>
+---
+ src/rgw/rgw_rest_s3.cc | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
+index 3b07327f..4b039430 100644
+--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
+@@ -1547,10 +1547,6 @@ int RGWPostObj_ObjStore_S3::get_params()
+     return op_ret;
+   }
+ 
+-  ldout(s->cct, 20) << "adding bucket to policy env: " << s->bucket.name
+-		    << dendl;
+-  env.add_var("bucket", s->bucket.name);
+-
+   bool done;
+   do {
+     struct post_form_part part;
+@@ -1601,6 +1597,10 @@ int RGWPostObj_ObjStore_S3::get_params()
+     env.add_var(part.name, part_str);
+   } while (!done);
+ 
+  ldout(s->cct, 20) << "adding bucket to policy env: " << s->bucket.name
+		    << dendl;
+  env.add_var("bucket", s->bucket.name);
+
+   string object_str;
+   if (!part_str(parts, "key", &object_str)) {
+     err_msg = "Key not specified";
+-- 
+2.27.0
+
--- a/ceph.spec
+++ b/ceph.spec
@ -68,7 +68,7 @@
 #################################################################################
 Name:		ceph
 Version:	12.2.8
-Release:	22
+Release:	23
 Epoch:		2

 # define _epoch_prefix macro which will expand to the empty string if epoch is
@ -110,6 +110,7 @@ Patch23: 0023-common-mempool-only-fail-tests-if-sharding-is-very-b.patch
 Patch24: 0024-CVE-2021-3979.patch
 Patch25: 0025-fix-rgw-ldap-safe_read_file-can-return-0.patch
 Patch26: 0026-CVE-2021-20288.patch
+Patch27: 0027-fix-CVE-2023-43040.patch

 Requires:	glibc >= 2.28-66

@ -1858,6 +1859,10 @@ exit 0


 %changelog
+* Wed Oct 18 2023 wangzengliang <wangzengliang2@huawei.com> - 2:12.2.8-23
+- fix CVE-2023-43040
+- sync PR #207
+
 * Mon May 23 2022 wangzengliang <wangzengliang1@huawei.com> - 2:12.2.8-22
 - 0026-CVE-2021-20288.patch