rgw: asio: check the remote endpoint before processing requests

`socket.remote_endpoint()` can throw exceptions corresponding to errors in the
`getpeername` syscall, make sure these are handled.

Fixes: CVE-2019-10222, https://tracker.ceph.com/issues/40018
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
(cherry picked from commit caa653196856ecdf50519a9a33195d5c4e3372af)

 Conflicts:
	src/rgw/rgw_asio_frontend.cc
conflicts due to optional-yield-ctx changes in master

diff --git a/src/rgw/rgw_asio_frontend.cc b/src/rgw/rgw_asio_frontend.cc
index 72947414b8a3a9ccdca1e8968fbcad01f88ea7c3..dbefeb0c3ab7f3dd9c6e7dcfaa95c8e4100bd584 100644 (file)
--- a/src/rgw/rgw_asio_frontend.cc
+++ b/src/rgw/rgw_asio_frontend.cc
@@ -167,9 +167,14 @@ void handle_connection(RGWProcessEnv& env, Stream& stream,
     RGWRequest req{env.store->get_new_req_id()};
 
     auto& socket = stream.lowest_layer();
+    const auto& remote_endpoint = socket.remote_endpoint(ec);
+    if (ec) {
+      ldout(cct, 1) << "failed to connect client: " << ec.message() << dendl;
+      return;
+    }
     StreamIO real_client{stream, parser, buffer, is_ssl,
                          socket.local_endpoint(),
-                         socket.remote_endpoint()};
+                         remote_endpoint};
 
     auto real_client_io = rgw::io::add_reordering(
                             rgw::io::add_buffering(cct,