rgw: escape bucket and object names in StreamReadRequests

This fixes copy operations for objects that contain unsafe characters,
like a newline, which would return a 403 otherwise, since the GET to
the source rgw would be unable to verify the signature on a partially
valid bucket name.

Fixes: #6604
Backport: dumpling
Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
(cherry picked from commit ec45b3b88c485140781b23d2c4f582f2cc26ea43)

diff --git a/src/rgw/rgw_rest_client.cc b/src/rgw/rgw_rest_client.cc
index ea80b5b84f86e8eb07422c8a93f8cf0af41d6da2..7f4e2b6582dc1907686543e75252027ae7974e8f 100644 (file)
--- a/src/rgw/rgw_rest_client.cc
+++ b/src/rgw/rgw_rest_client.cc
@@ -540,7 +540,10 @@ int RGWRESTStreamWriteRequest::complete(string& etag, time_t *mtime)
 
 int RGWRESTStreamReadRequest::get_obj(RGWAccessKey& key, map<string, string>& extra_headers, rgw_obj& obj)
 {
-  string resource = obj.bucket.name + "/" + obj.object;
+  string urlsafe_bucket, urlsafe_object;
+  url_encode(obj.bucket.name, urlsafe_bucket);
+  url_encode(obj.object, urlsafe_object);
+  string resource = urlsafe_bucket + "/" + urlsafe_object;
   string new_url = url;
   if (new_url[new_url.size() - 1] != '/')
     new_url.append("/");