rgw: return err_malformed_xml when MaxAgeSeconds is an invalid integer

Fixes: http://tracker.ceph.com/issues/26957
Signed-off-by: Chang Liu <liuchang0812@gmail.com>

diff --git a/src/rgw/rgw_cors_s3.cc b/src/rgw/rgw_cors_s3.cc
index 95d57e882e3bff4afbaabc9e605bc87e0fededb5..67e8e83c65215acb899819237de88844b3bb8910 100644 (file)
--- a/src/rgw/rgw_cors_s3.cc
+++ b/src/rgw/rgw_cors_s3.cc
@@ -127,6 +127,10 @@ bool RGWCORSRule_S3::xml_end(const char *el) {
     char *end = NULL;
 
     unsigned long long ull = strtoull(obj->get_data().c_str(), &end, 10);
+    if (*end != '\0') {
+      dout(0) << "RGWCORSRule's MaxAgeSeconds " << obj->get_data() << " is an invalid integer" << dendl;
+      return false;
+    }
     if (ull >= 0x100000000ull) {
       max_age = CORS_MAX_AGE_INVALID;
     } else  {

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 2bb55e8a521e37720e99e6c0d3c3f5ef7444033e..7510a758181a4cf6220966e9a55da45cdb3cb73a 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -2370,13 +2370,13 @@ int RGWPutCORS_ObjStore_S3::get_params()
   }
 
   if (!data || !parser.parse(data, len, 1)) {
-    return -EINVAL;
+    return -ERR_MALFORMED_XML;
   }
   cors_config =
     static_cast<RGWCORSConfiguration_S3 *>(parser.find_first(
                                             "CORSConfiguration"));
   if (!cors_config) {
-    return -EINVAL;
+    return -ERR_MALFORMED_XML;
   }
 
 #define CORS_RULES_MAX_NUM      100