From: Pritha Srivastava
Date: Tue, 9 Oct 2018 06:02:00 +0000 (+0530)
Subject: rgw: Fix for buffer overflow in STS op_post().
X-Git-Tag: v14.1.0~973^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=6fb2e060dab19a1cec1e7d3d98346e2393285db2;p=ceph.git
rgw: Fix for buffer overflow in STS op_post().
Signed-off-by: Marcus Watts
Signed-off-by: Pritha Srivastava
---
diff --git a/src/rgw/rgw_rest_sts.cc b/src/rgw/rgw_rest_sts.cc
index cadfe7b33ece..1d3a78cdb9ab 100644
--- a/src/rgw/rgw_rest_sts.cc
+++ b/src/rgw/rgw_rest_sts.cc
@@ -172,10 +172,15 @@ void RGWSTSAssumeRole::execute()
 RGWOp *RGWHandler_REST_STS::op_post()
 {
- char buf[256];
- recv_body(s, buf, s->content_length);
- ldout(s->cct, 0) << "Content of POST: " << buf << dendl;
- string post_body = buf;
+ int len = 0;
+ char *data = nullptr;
+ const auto max_size = s->cct->_conf->rgw_max_put_param_size;
+ auto ret = rgw_rest_read_all_input(s, &data, &len, max_size, false);
+ if (ret < 0) {
+ return nullptr;
+ }
+ ldout(s->cct, 0) << "Content of POST: " << data << dendl;
+ string post_body = data;
 if (post_body.find("Action") != string::npos) {
 boost::char_separator sep("&");
@@ -191,6 +196,8 @@ RGWOp *RGWHandler_REST_STS::op_post()
 }
 }
+ free(data);
+
 if (s->info.args.exists("Action")) {
 string action = s->info.args.get("Action");
 if (action == "AssumeRole") {
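Review bot: `data` is dereferenced unconditionally once `ret < 0` has been ruled out, both in `ldout(...) << data` and in `string post_body = data;`. It is initialised to `nullptr`, so if rgw_rest_read_all_input() can return success without allocating (an empty body, for instance; its definition is not visible here), both lines are undefined behaviour. The returned `len` is never used, so the copy also relies on the helper NUL-terminating the buffer and stops at any embedded NUL; `string post_body = data ? string(data, len) : string();` would cover both cases. Separately, the raw request body is still logged at level 0, which writes up to `rgw_max_put_param_size` bytes of client-controlled input, including whatever the form parameters carry, into the default log; `ldout(s->cct, 20)` with only the length would be safer. op_post()'s body continues outside the hunk.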
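Review bot: `free(data)` comes only after the whole parsing block, so the buffer leaks if anything between the allocation and this line throws; the `string` copy and the parsing under `if (post_body.find("Action") ...)` can both allocate. Since `post_body` already holds its own copy, the buffer could be released directly after that copy is made, or held in a `std::unique_ptr<char, decltype(&free)>` so every exit path frees it. The parsing loop sits between the two hunks and is not visible here, so any early return inside it would need the same check.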