rgw: do not abort when user passed bad parameters to set metadata

Fixes: #14190
when user passes bad parameter(e.g. pass "null" to bool parameter), the ceph_json.cc::decode_json_obj()
will raise a exception with type of JSONDecoder::err(). If we do not catch this exception, the radosgw
server will abort.

$ curl -X PUT http://ceph1:9090/admin/metadata?user&format=json -d 'data = { "mtime": "null"}'

terminate called after throwing an instance of 'JSONDecoder::err'
*** Caught signal (Aborted) **
 in thread 7ff982f55700
 ceph version 10.0.1-787-gc485d29 (c485d29a53f6a2c1a3b561c54632dbac1c4e9473)
 1: (ceph::BackTrace::BackTrace(int)+0x2d) [0x7ffa814db8c5]
 2: (()+0x8fbfb7) [0x7ffa814dafb7]
 3: (()+0xf100) [0x7ffa758a6100]
 4: (gsignal()+0x37) [0x7ffa748e05f7]
 5: (abort()+0x148) [0x7ffa748e1ce8]
 6: (__gnu_cxx::__verbose_terminate_handler()+0x165) [0x7ffa751e49b5]
 7: (()+0x5e926) [0x7ffa751e2926]
 8: (()+0x5e953) [0x7ffa751e2953]
 9: (()+0x5eb73) [0x7ffa751e2b73]
 10: (bool JSONDecoder::decode_json<long>(char const*, long&, JSONObj*, bool)+0x28c) [0x7ffa8135920a]
 11: (RGWMetadataManager::put(std::string&, ceph::buffer::list&, RGWMetadataHandler::sync_type_t, obj_version*)+0x173) [0x7ffa81468029]
 12: (RGWOp_Metadata_Put::execute()+0x172) [0x7ffa81308dcc]
 13: (()+0x7532d2) [0x7ffa813322d2]
 14: (RGWFCGXProcess::handle_request(RGWRequest*)+0x90) [0x7ffa813328a4]

Reported-by: Coffee Chou <coffee.zyr@gmail.com>
Signed-off-by: Dunrong Huang <riegamaths@gmail.com>

diff --git a/src/rgw/rgw_bucket.cc b/src/rgw/rgw_bucket.cc
index f4a245f536cbf50973f74a047f7086032c86186b..860a9715b0689b9dacf804925af2db192926987c 100644 (file)
--- a/src/rgw/rgw_bucket.cc
+++ b/src/rgw/rgw_bucket.cc
@@ -1605,7 +1605,11 @@ public:
   int put(RGWRados *store, string& entry, RGWObjVersionTracker& objv_tracker,
           time_t mtime, JSONObj *obj, sync_type_t sync_type) {
     RGWBucketEntryPoint be, old_be;
-    decode_json_obj(be, obj);
+    try {
+      decode_json_obj(be, obj);
+    } catch (JSONDecoder::err& e) {
+      return -EINVAL;
+    }
 
     time_t orig_mtime;
     map<string, bufferlist> attrs;
@@ -1756,7 +1760,11 @@ public:
   int put(RGWRados *store, string& entry, RGWObjVersionTracker& objv_tracker,
           time_t mtime, JSONObj *obj, sync_type_t sync_type) {
     RGWBucketCompleteInfo bci, old_bci;
-    decode_json_obj(bci, obj);
+    try {
+      decode_json_obj(bci, obj);
+    } catch (JSONDecoder::err& e) {
+      return -EINVAL;
+    }
 
     time_t orig_mtime;
     RGWObjectCtx obj_ctx(store);

diff --git a/src/rgw/rgw_metadata.cc b/src/rgw/rgw_metadata.cc
index cf4a0eb66ba1d99498129d4e71f2688d9bb068a4..80ed8224e6d5fbf2958aab6c5dd4222fc40e5313 100644 (file)
--- a/src/rgw/rgw_metadata.cc
+++ b/src/rgw/rgw_metadata.cc
@@ -355,9 +355,13 @@ int RGWMetadataManager::put(string& metadata_key, bufferlist& bl,
 
   time_t mtime = 0;
 
-  JSONDecoder::decode_json("key", metadata_key, &parser);
-  JSONDecoder::decode_json("ver", *objv, &parser);
-  JSONDecoder::decode_json("mtime", mtime, &parser);
+  try {
+    JSONDecoder::decode_json("key", metadata_key, &parser);
+    JSONDecoder::decode_json("ver", *objv, &parser);
+    JSONDecoder::decode_json("mtime", mtime, &parser);
+  } catch (JSONDecoder::err& e) {
+    return -EINVAL;
+  }
 
   JSONObj *jo = parser.find_obj("data");
   if (!jo) {

diff --git a/src/rgw/rgw_user.cc b/src/rgw/rgw_user.cc
index 5063cd0ccfc517cf80ecd5f37494fcb410f5d82c..99c343b2f3a7f67fe3cc4b18c7db6aefb72dfbbe 100644 (file)
--- a/src/rgw/rgw_user.cc
+++ b/src/rgw/rgw_user.cc
@@ -2552,7 +2552,11 @@ public:
           time_t mtime, JSONObj *obj, sync_type_t sync_mode) {
     RGWUserCompleteInfo uci;
 
-    decode_json_obj(uci, obj);
+    try {
+      decode_json_obj(uci, obj);
+    } catch (JSONDecoder::err& e) {
+      return -EINVAL;
+    }
 
     map<string, bufferlist> *pattrs = NULL;
     if (uci.has_attrs) {