]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2f56570) | patch
rgw: Fix bucket validation against POST policies 53714/head
authorJoshua Baergen <jbaergen@digitalocean.com>
Wed, 17 May 2023 18:17:09 +0000 (12:17 -0600)
committerCasey Bodley <cbodley@redhat.com>
Thu, 28 Sep 2023 15:04:35 +0000 (11:04 -0400)
commit98bfb71cb38899333deb58dd2562037450fd7fa8
treed1bc08b922eab2acb7846fe4784c6fedc98c3751tree | snapshot
parent2f5657011fce3d447a71fc4de869d7eb457c4d8ccommit | diff
rgw: Fix bucket validation against POST policies

It's possible that user could provide a form part as a part of a POST
object upload that uses 'bucket' as a key; in this case, it was
overriding what was being set in the validation env (which is the real
bucket being modified). The result of this is that a user could actually
upload to any bucket accessible by the specified access key by matching
the bucket in the POST policy in said POST form part.

Fix this simply by setting the bucket to the correct value after the
POST form parts are processed, ignoring the form part above if
specified.

Fixes: https://tracker.ceph.com/issues/63004
Signed-off-by: Joshua Baergen <jbaergen@digitalocean.com>
src/rgw/rgw_rest_s3.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.