rgw ldap: protect rgw::from_base64 from non-base64 input

Also adds unit tests for:
1. empty output from from_base64 (turns out to be harmless)
2. random and specific non-base64 and sort strings
(modified from upstream to avoid alteration of src/test/test_rgw_token.cc)

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
(cherry picked from commit 0a4c91ec7652d02673a9b156cd16144d778a3844)

Fixes: http://tracker.ceph.com/issues/17324

diff --git a/src/rgw/rgw_file.h b/src/rgw/rgw_file.h
index 42b6649105187a18b75f84be369c93ce91eebc98..a98a98e03b0f7705c10029b1abd6fdece2208467 100644 (file)
--- a/src/rgw/rgw_file.h
+++ b/src/rgw/rgw_file.h
@@ -780,7 +780,13 @@ namespace rgw {
       } else {
        /* try external authenticators (ldap for now) */
        rgw::LDAPHelper* ldh = rgwlib.get_ldh(); /* !nullptr */
-       RGWToken token{from_base64(key.id)};
+       RGWToken token;
+       /* boost filters and/or string_ref may throw on invalid input */
+       try {
+         token = rgw::from_base64(key.id);
+       } catch(...) {
+         token = std::string("");
+       }
        if (token.valid() && (ldh->auth(token.id, token.key) == 0)) {
          /* try to store user if it doesn't already exist */
          if (rgw_get_user_info_by_uid(store, token.id, user) < 0) {

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 03ce3a7b99f6f8fb4b1f5f7145aca46a1bc9a86f..ac11fcbc2c7076ef8c19199e836140ee96a90935 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -1754,7 +1754,13 @@ int RGWPostObj_ObjStore_S3::get_policy()
          << store->ctx()->_conf->rgw_ldap_uri
          << dendl;
 
-       RGWToken token{from_base64(s3_access_key)};
+       RGWToken token;
+       /* boost filters and/or string_ref may throw on invalid input */
+       try {
+         token = rgw::from_base64(s3_access_key);
+       } catch(...) {
+         token = std::string("");
+       }
        if (! token.valid())
          return -EACCES;