git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
rgw: sanitize newlines in s3 CORSConfiguration's ExposeHeader 35775/head
author Casey Bodley <cbodley@redhat.com>
Tue, 26 May 2020 19:03:03 +0000 (15:03 -0400)
committer Abhishek Lekshmanan <abhishek@suse.com>
Thu, 25 Jun 2020 12:00:17 +0000 (14:00 +0200)
commit 46817f30cee60bc5df8354ab326762e7c783fe2c
tree 19a1a86e509ce9fa9795b5390764fb37c3cb0eec
parent eabb01366894d9cc2c577af687ca3fad634d2eea
rgw: sanitize newlines in s3 CORSConfiguration's ExposeHeader

the values in the <ExposeHeader> element are sent back to clients in a
Access-Control-Expose-Headers response header. if the values are allowed
to have newlines in them, they can be used to inject arbitrary response
headers

this issue only affects s3, which gets these values from an xml document

in swift, they're given in the request header
X-Container-Meta-Access-Control-Expose-Headers, so the value itself
cannot contain newlines

Signed-off-by: Casey Bodley <cbodley@redhat.com>
Reported-by: Adam Mohammed <amohammed@linode.com>
src/rgw/rgw_cors.cc
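
The check this commit message describes, as an added example (not Ceph's code and not the contents of this commit; the function names are hypothetical and the sample values are constructed). It strips CR/LF from a value and, going one step beyond newline stripping, accepts only RFC 7230 token characters before a value is joined into `Access-Control-Expose-Headers`:

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

// Remove CR and LF so a value cannot terminate the header line it is placed in.
std::string strip_newlines(std::string v) {
  v.erase(std::remove_if(v.begin(), v.end(),
                         [](char c) { return c == '\r' || c == '\n'; }),
          v.end());
  return v;
}

// Stricter check: each exposed value is a header field name, so it must be a
// non-empty RFC 7230 "token" (no CR, LF, space, colon or other separators).
bool is_header_token(const std::string& v) {
  static const std::string punct = "!#$%&'*+-.^_`|~";
  if (v.empty()) return false;
  return std::all_of(v.begin(), v.end(), [](unsigned char c) {
    return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
           (c >= 'a' && c <= 'z') ||
           punct.find(static_cast<char>(c)) != std::string::npos;
  });
}

// Join only the values that pass validation into the response header value.
std::string build_expose_headers(const std::vector<std::string>& values) {
  std::string out;
  for (const auto& v : values) {
    if (!is_header_token(v)) continue;  // drop anything that is not a field name
    if (!out.empty()) out += ",";
    out += v;
  }
  return out;
}

int main() {
  // Constructed sample: the second value carries an embedded CRLF.
  std::vector<std::string> values = {"x-amz-request-id",
                                     "x-a\r\nX-Injected: 1", "ETag"};
  std::cout << "Access-Control-Expose-Headers: "
            << build_expose_headers(values) << "\n";
  return 0;
}
```

Stripping newlines alone keeps the value on one header line; the token check additionally rejects the leftover `:` and space.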