From: Josh Durgin <josh.durgin@inktank.com>
Date: Thu, 24 Oct 2013 15:42:48 +0000 (-0700)
Subject: rgw: escape bucket and object names in StreamReadRequests
X-Git-Tag: v0.67.5~20^2~7
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c5991f26febd86878aeb78baab33c071660fdee6;p=ceph.git

rgw: escape bucket and object names in StreamReadRequests

This fixes copy operations for objects that contain unsafe characters,
like a newline, which would return a 403 otherwise, since the GET to
the source rgw would be unable to verify the signature on a partially
valid bucket name.

Fixes: #6604
Backport: dumpling
Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
(cherry picked from commit ec45b3b88c485140781b23d2c4f582f2cc26ea43)
---

diff --git a/src/rgw/rgw_rest_client.cc b/src/rgw/rgw_rest_client.cc
index ea80b5b84f86..7f4e2b6582dc 100644
--- a/src/rgw/rgw_rest_client.cc
+++ b/src/rgw/rgw_rest_client.cc
@@ -540,7 +540,10 @@ int RGWRESTStreamWriteRequest::complete(string& etag, time_t *mtime)
 
 int RGWRESTStreamReadRequest::get_obj(RGWAccessKey& key, map<string, string>& extra_headers, rgw_obj& obj)
 {
-  string resource = obj.bucket.name + "/" + obj.object;
+  string urlsafe_bucket, urlsafe_object;
+  url_encode(obj.bucket.name, urlsafe_bucket);
+  url_encode(obj.object, urlsafe_object);
+  string resource = urlsafe_bucket + "/" + urlsafe_object;
   string new_url = url;
   if (new_url[new_url.size() - 1] != '/')
     new_url.append("/");