git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
rgw: Verify key id before sending to Barbican 65010/head
author Marcel Lauhoff <marcel.lauhoff@clyso.com>
Fri, 8 Aug 2025 10:52:06 +0000 (12:52 +0200)
committer Marcel Lauhoff <marcel.lauhoff@clyso.com>
Wed, 13 Aug 2025 09:21:16 +0000 (11:21 +0200)
commit 13efe8c6b89686595556fc0c6f68528b1e9f01ef
tree 2ad8c3a2e7fe42c4ba860d861508eb8996587bfd
parent 07ab7ecbfd0530de9051150da4592c3698c104ed
rgw: Verify key id before sending to Barbican

`request_key_from_barbican` is called with a raw user-defined key id.
To prevent issues like path injection, match against a UUID4 regex
first. Add this check close to the Barbican calls, as other KMS
backends have other key format definitions.

Barbican secret ids are defined as "uuid" and matched against Python's
UUID 4 parser.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@clyso.com>
On-behalf-of: SAP marcel.lauhoff@sap.com
src/rgw/rgw_kms.cc
src/test/rgw/test_rgw_kms.cc
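
The check the commit message describes, sketched as an added example (not the code from this commit or from Ceph): a key id is matched in full against a version-4 UUID pattern before it is appended to the Barbican URL. The function names, the base URL, the `v1/secrets/` path layout and the exact pattern are assumptions.

```cpp
#include <iostream>
#include <regex>
#include <string>

// Canonical version-4 UUID: 8-4-4-4-12 hex digits, version nibble 4 and
// variant nibble 8, 9, a or b. Assumed pattern; the commit's own regex is
// not shown on this page.
bool is_uuid4_key_id(const std::string& key_id) {
  static const std::regex uuid4_re(
      "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-"
      "[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}");
  // regex_match must consume the whole string, so a valid UUID followed or
  // preceded by extra characters ('/', '?', newline, ...) is rejected.
  return std::regex_match(key_id, uuid4_re);
}

// Hypothetical helper: writes the secret URL to `out` only when the key id
// passes validation; the caller never sees a URL built from a rejected id.
bool build_barbican_secret_url(std::string base_url, const std::string& key_id,
                               std::string& out) {
  if (!is_uuid4_key_id(key_id)) {
    return false;
  }
  if (base_url.empty() || base_url.back() != '/') {
    base_url.push_back('/');
  }
  out = base_url + "v1/secrets/" + key_id;  // assumed path layout
  return true;
}

int main() {
  // Constructed sample key ids, not taken from the commit or its tests.
  const char* samples[] = {
      "6e1f2b1c-3d4a-4b5c-8d6e-7f8091a2b3c4",         // well-formed UUID4
      "6e1f2b1c-3d4a-1b5c-8d6e-7f8091a2b3c4",         // version nibble is 1
      "../containers",                                 // path segments
      "6e1f2b1c-3d4a-4b5c-8d6e-7f8091a2b3c4/../x",    // valid prefix + suffix
      "6e1f2b1c-3d4a-4b5c-8d6e-7f8091a2b3c4?limit=1"  // query string appended
  };
  for (const char* id : samples) {
    std::string url;
    bool ok = build_barbican_secret_url("http://barbican.example:9311", id, url);
    std::cout << (ok ? "accept " : "reject ") << id
              << (ok ? " -> " + url : std::string()) << "\n";
  }
  return 0;
}
```

Only the first constructed id yields a URL; the others are rejected before any request string is built.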