rgw: limit object PUT size

diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 070723624d63c889b6b7db88af02734f0abad8b7..df5556d3b5982c866b2844ffb27a41905c2844a5 100644 (file)
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -62,6 +62,7 @@ using ceph::crypto::MD5;
 
 #define RGW_MAX_CHUNK_SIZE     (512*1024)
 #define RGW_MAX_PENDING_CHUNKS  16
+#define RGW_MAX_PUT_SIZE        (5ULL*1024*1024*1024)
 
 #define RGW_FORMAT_XML          1
 #define RGW_FORMAT_JSON         2
@@ -121,6 +122,7 @@ using ceph::crypto::MD5;
 #define ERR_NOT_MODIFIED         2016
 #define ERR_INVALID_UTF8         2017
 #define ERR_UNPROCESSABLE_ENTITY 2018
+#define ERR_TOO_LARGE            2019
 #define ERR_USER_SUSPENDED       2100
 #define ERR_INTERNAL_ERROR       2200
 

diff --git a/src/rgw/rgw_main.cc b/src/rgw/rgw_main.cc
index 8d6de93c0a8a9ad00388d72e456625ece1dfe381..5e9ba6a1a471ca58eed9074661d1da28fcd3c2b2 100644 (file)
--- a/src/rgw/rgw_main.cc
+++ b/src/rgw/rgw_main.cc
@@ -217,6 +217,12 @@ void RGWProcess::handle_request(FCGX_Request *fcgx)
     goto done;
   }
 
+  ret = op->verify_params();
+  if (ret < 0) {
+    abort_early(s, ret);
+    goto done;
+  }
+
   if (s->expect_cont)
     dump_continue(s);
 

diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h
index 8a8b0568d26b7e10c2514f9f72048eae22cc02ea..8caba9b1ea9c3f51b94cc78476e2d597653896ec 100644 (file)
--- a/src/rgw/rgw_op.h
+++ b/src/rgw/rgw_op.h
@@ -33,6 +33,7 @@ public:
   virtual void init(struct req_state *s) {
     this->s = s;
   }
+  virtual int verify_params() { return 0; }
   virtual bool prefetch_data() { return false; }
   virtual int verify_permission() = 0;
   virtual void execute() = 0;

diff --git a/src/rgw/rgw_rest.cc b/src/rgw/rgw_rest.cc
index 8884fee86f4b8154ee3e94e78597778c95020e45..eea36e85262a7872b6b083c20e799ccb4a2eb0b7 100644 (file)
--- a/src/rgw/rgw_rest.cc
+++ b/src/rgw/rgw_rest.cc
@@ -42,6 +42,7 @@ const static struct rgw_html_errors RGW_HTML_ERRORS[] = {
     { ERR_INVALID_PART, 400, "InvalidPart" },
     { ERR_INVALID_PART_ORDER, 400, "InvalidPartOrder" },
     { ERR_REQUEST_TIMEOUT, 400, "RequestTimeout" },
+    { ERR_TOO_LARGE, 400, "EntityTooLarge" },
     { ERR_LENGTH_REQUIRED, 411, "MissingContentLength" },
     { EACCES, 403, "AccessDenied" },
     { EPERM, 403, "AccessDenied" },
@@ -250,6 +251,18 @@ int RGWGetObj_REST::get_params()
 }
 
 
+int RGWPutObj_REST::verify_params()
+{
+  if (s->length) {
+    size_t len = atoll(s->length);
+    if (len > RGW_MAX_PUT_SIZE) {
+      return -ERR_TOO_LARGE;
+    }
+  }
+
+  return 0;
+}
+
 int RGWPutObj_REST::get_params()
 {
   supplied_md5_b64 = s->env->get("HTTP_CONTENT_MD5");
@@ -276,6 +289,10 @@ int RGWPutObj_REST::get_data(bufferlist& bl)
     bl.append(bp);
   }
 
+  if ((uint64_t)ofs + len > RGW_MAX_PUT_SIZE) {
+    return -ERR_TOO_LARGE;
+  }
+
   if (!ofs)
     supplied_md5_b64 = s->env->get("HTTP_CONTENT_MD5");
 

diff --git a/src/rgw/rgw_rest.h b/src/rgw/rgw_rest.h
index aa80f825d3c56767e8247a2c4ec66838043461a9..724a93e5f6559b0c7ca26b4b28f484cd26c70049 100644 (file)
--- a/src/rgw/rgw_rest.h
+++ b/src/rgw/rgw_rest.h
@@ -62,6 +62,7 @@ public:
   RGWPutObj_REST() {}
   ~RGWPutObj_REST() {}
 
+  virtual int verify_params();
   virtual int get_params();
   int get_data(bufferlist& bl);
 };