]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1293e6b)
rgw: don't allow negative / invalid content length
authorYehuda Sadeh <yehuda@redhat.com>
Fri, 1 Aug 2014 23:15:36 +0000 (16:15 -0700)
committerYehuda Sadeh <yehuda@redhat.com>
Thu, 14 Aug 2014 23:06:50 +0000 (16:06 -0700)
Certain frontends (e.g., civetweb) don't filter such requests.

Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
src/rgw/rgw_common.h patch | blob | history
src/rgw/rgw_op.cc patch | blob | history
src/rgw/rgw_rest.cc patch | blob | history

diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 12a43e87f1951816c6281d9b26a411d588e51a87..1170650b56aaef476decca088980b6b7c4bbfed2 100644 (file)
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -863,7 +863,7 @@ struct req_state {
    string decoded_uri;
    string relative_uri;
    const char *length;
-   uint64_t content_length;
+   int64_t content_length;
    map<string, string> generic_attrs;
    struct rgw_err err;
    bool expect_cont;
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 9b24a4def30cf30911899b2dafb2a60459afd242..a6389c960c2e25b69814ce35bd983d7a3f067573 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -1706,7 +1706,7 @@ void RGWPutObj::execute()
     ofs += len;
   } while (len > 0);
 
-  if (!chunked_upload && (uint64_t)ofs != s->content_length) {
+  if (!chunked_upload && ofs != s->content_length) {
     ret = -ERR_REQUEST_TIMEOUT;
     goto done;
   }
diff --git a/src/rgw/rgw_rest.cc b/src/rgw/rgw_rest.cc
index bc2b97e07c028e06feb0bbb72d4fec2788eaaf4e..153628d5722c9faca19ea1f7fbc5356ef9da3057 100644 (file)
--- a/src/rgw/rgw_rest.cc
+++ b/src/rgw/rgw_rest.cc
@@ -1227,10 +1227,21 @@ int RGWREST::preprocess(struct req_state *s, RGWClientIO *cio)
   url_decode(s->info.request_uri, s->decoded_uri);
   s->length = info.env->get("CONTENT_LENGTH");
   if (s->length) {
-    if (*s->length == '\0')
+    if (*s->length == '\0') {
       s->content_length = 0;
-    else
-      s->content_length = atoll(s->length);
+    } else {
+      string err;
+      s->content_length = strict_strtol(s->length, 10, &err);
+      if (!err.empty()) {
+        ldout(s->cct, 10) << "bad content length, aborting" << dendl;
+        return -EINVAL;
+      }
+    }
+  }
+
+  if (s->content_length < 0) {
+    ldout(s->cct, 10) << "negative content length, aborting" << dendl;
+    return -EINVAL;
   }
 
   map<string, string>::iterator giter;
Unnamed repository; edit this file 'description' to name the repository.