packages/ceph
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ceph/0005-CVE-2020-12059.patch
markeryang 0fc4428ebb fix CVE-2020-12059
2020-12-30 14:08:48 +08:00

31 lines
992 B
Diff
Raw Blame History

From 375d926a4f2720a29b079c216bafb884eef985c3 Mon Sep 17 00:00:00 2001
From: Abhishek Lekshmanan <abhishek@suse.com>
Date: Wed, 22 Apr 2020 11:24:34 +0200
Subject: [PATCH] rgw: check for tagging element in POST Obj requests
Check for null element when reading the tagging field from POST obj XML
Fixes: https://tracker.ceph.com/issues/44967
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
---
src/rgw/rgw_rest_s3.cc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index bfda4232..ac2a0272 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -420,6 +420,9 @@ int RGWPutObjTags_ObjStore_S3::get_params()
RGWObjTagging_S3 *tagging;
tagging = static_cast<RGWObjTagging_S3 *>(parser.find_first("Tagging"));
+ if (!tagging) {
+ return -ERR_MALFORMED_XML;
+ }
obj_tags_s3 = static_cast<RGWObjTagSet_S3 *>(tagging->find_first("TagSet"));
if(!obj_tags_s3){
return -ERR_MALFORMED_XML;
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink