From: Pritha Srivastava Date: Mon, 20 Feb 2017 07:20:34 +0000 (+0530) Subject: rgw: Added code for Role input validation. X-Git-Tag: v12.1.0~10^2~82^2~3 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=85fbf10c018c44b76e36ce910fcf72d83392a56f;p=ceph.git rgw: Added code for Role input validation. Signed-off-by: Pritha Srivastava --- diff --git a/src/rgw/rgw_role.cc b/src/rgw/rgw_role.cc index ab08c57807d..b6cb7e92f9e 100644 --- a/src/rgw/rgw_role.cc +++ b/src/rgw/rgw_role.cc @@ -1,5 +1,6 @@ #include #include +#include #include "common/errno.h" #include "common/Formatter.h" @@ -58,6 +59,10 @@ int RGWRole::create(bool exclusive) { int ret; + if (! validate_input()) { + return -EINVAL; + } + /* check to see the name is not used */ ret = read_id(name, tenant, id); if (exclusive && ret == 0) { @@ -350,6 +355,31 @@ int RGWRole::read_name() return 0; } +bool RGWRole::validate_input() +{ + if (name.length() > MAX_ROLE_NAME_LEN) { + ldout(cct, 0) << "ERROR: Invalid name length " << dendl; + return false; + } + + if (path.length() > MAX_PATH_NAME_LEN) { + ldout(cct, 0) << "ERROR: Invalid path length " << dendl; + return false; + } + + std::regex regex_name("[A-Za-z0-9:=,.@-]+"); + if (! std::regex_match(name, regex_name)) { + ldout(cct, 0) << "ERROR: Invalid chars in name " << dendl; + return false; + } + + std::regex regex_path("(\/[!-~]+\/)|(\/)"); + if (! std::regex_match(path,regex_path)) { + ldout(cct, 0) << "ERROR: Invalid chars in path " << dendl; + return false; + } +} + void RGWRole::update_trust_policy(string& trust_policy) { this->trust_policy = trust_policy; diff --git a/src/rgw/rgw_role.h b/src/rgw/rgw_role.h index 138381e74f0..03cd67c6926 100644 --- a/src/rgw/rgw_role.h +++ b/src/rgw/rgw_role.h 
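Review bot: `validate_input()` has no return statement on its success path: after the path regex check, control reaches the closing brace, which is undefined behaviour for a function returning `bool`, so the new `if (! validate_input())` guard in `create()` cannot be relied on to accept or reject anything. Add `return true;` after the last check. The path pattern also writes `\/`, which is not a standard escape sequence in a C++ string literal; `std::regex regex_path("(/[!-~]+/)|(/)");` matches the same strings without the compiler warning. The name pattern accepts `:` but not `_`, and `tenant` is passed to `read_id()` in `create()` without any check in this function, so both are worth confirming against the intended role grammar. The body of `create()` continues outside its hunk.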
@@ -7,6 +7,8 @@ class RGWRole static const string role_oid_prefix; static const string role_path_oid_prefix; static const string role_arn_prefix; + static constexpr int MAX_ROLE_NAME_LEN = 64; + static constexpr int MAX_PATH_NAME_LEN = 512; CephContext *cct; RGWRados *store; @@ -26,6 +28,7 @@ class RGWRole int read_name(); int read_info(); void set_id(const string& id) { this->id = id; } + bool validate_input(); public: RGWRole(CephContext *cct,
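Review bot: `MAX_ROLE_NAME_LEN` and `MAX_PATH_NAME_LEN` are declared `int`, but in this commit they are only compared against `std::string::length()` in `validate_input()`. Declaring them as `static constexpr size_t MAX_ROLE_NAME_LEN = 64;` and `static constexpr size_t MAX_PATH_NAME_LEN = 512;` keeps those comparisons in one unsigned type. In the second hunk, `validate_input()` only reads members as far as the .cc change shows, so it could be declared `bool validate_input() const;` with the definition changed to match. The class body starts and ends outside both hunks.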