git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
rgw: enforce bounds on max-keys/max-uploads/max-parts
author Robin H. Johnson <rjohnson@digitalocean.com>
Fri, 21 Sep 2018 21:49:34 +0000 (14:49 -0700)
committer Abhishek Lekshmanan <abhishek@suse.com>
Thu, 10 Jan 2019 18:21:59 +0000 (19:21 +0100)
commit 4337e6a7d9f92c8549ebee20d0dd67a01e49857f
tree 49d98956b527859f27c848fdcb3fa905c5ab1905
parent 0b69e60877c5dcfda7c6987954770cf758c21fb7
rgw: enforce bounds on max-keys/max-uploads/max-parts

RGW S3 listing operations provided a way for authenticated users to
cause a denial of service against OMAPs holding bucket indices.

Bound the min & max values that a user could pass into the max-X
parameters, to keep the system safe. The default of 1000 is chosen to
match AWS S3 behavior.

Affected operations:
- ListBucket, via max-keys
- ListBucketVersions, via max-keys
- ListBucketMultiPartUploads, via max-uploads
- ListMultipartUploadParts, via max-parts

The Swift bucket listing codepath already enforced a limit, so is
unaffected by this issue.

Prior to this commit, the effective limit is the lower of
osd_max_omap_entries_per_request or osd_max_omap_bytes_per_request.

Backport: luminous, mimic
Fixes: http://tracker.ceph.com/issues/35994
Signed-off-by: Robin H. Johnson <rjohnson@digitalocean.com>
(cherry picked from commit d79f68a1e31f4bc917eec1b6bbc8e8446377dc6b)

 Conflicts:
src/common/options.cc:
  Conflicts due to options from master
src/common/options.cc
src/rgw/rgw_op.cc
src/rgw/rgw_op.h
src/rgw/rgw_rest.cc
src/rgw/rgw_rest_swift.cc
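
The bounding described in the commit message above, as an added example that is not code from the Ceph commit: a request handler reads max-keys, max-uploads or max-parts from the query string, falls back to the default of 1000 when the parameter is absent, clamps the value into a fixed range, and rejects anything that is not a plain integer. The helper name `bounded_max`, the `Query` type and the floor and ceiling values are assumptions made for illustration.

```cpp
#include <cerrno>
#include <cstdlib>
#include <iostream>
#include <map>
#include <string>

// Assumed values for this sketch: the commit message gives the default (1000);
// the floor and ceiling used here are illustrative.
static const long kDefaultMax = 1000;
static const long kLowerBound = 0;
static const long kUpperBound = 1000;

typedef std::map<std::string, std::string> Query;

// Hypothetical helper: read a max-keys / max-uploads / max-parts value from
// the query string and bound it. Returns 0 and sets *out, or -EINVAL when the
// value is not a plain decimal integer.
int bounded_max(const Query& q, const std::string& name, long* out) {
  Query::const_iterator it = q.find(name);
  if (it == q.end() || it->second.empty()) {
    *out = kDefaultMax;  // parameter omitted: use the default
    return 0;
  }
  const char* s = it->second.c_str();
  char* end = NULL;
  long v = std::strtol(s, &end, 10);  // saturates at LONG_MIN/LONG_MAX on overflow
  if (end == s || *end != '\0')
    return -EINVAL;  // no digits, or trailing junk such as "1e9"
  if (v < kLowerBound) v = kLowerBound;  // negative counts are raised to the floor
  if (v > kUpperBound) v = kUpperBound;  // oversized counts are cut to the ceiling
  *out = v;
  return 0;
}

int main() {
  // Constructed requests, one per affected parameter plus a malformed value.
  const char* cases[][2] = {{"max-keys", "2147483647"}, {"max-uploads", "-5"},
                            {"max-parts", "250"}, {"max-keys", "1e9"}};
  for (size_t i = 0; i < 4; ++i) {
    Query q;
    q[cases[i][0]] = cases[i][1];
    long n = 0;
    int r = bounded_max(q, cases[i][0], &n);
    std::cout << cases[i][0] << "=" << cases[i][1] << " -> ";
    if (r == 0) std::cout << n << "\n"; else std::cout << "rejected\n";
  }
  return 0;
}
```
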