From: Matt Benjamin <mbenjamin@redhat.com>
Date: Sat, 13 Jan 2024 18:57:36 +0000 (-0500)
Subject: awssigv4: fix recognition of trailer boundary when no trailing signature
X-Git-Tag: testing/wip-batrick-testing-20240411.154038~426^2~4
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=d374a21beb4faac63c0bd920572651079af25209;p=ceph-ci.git

awssigv4: fix recognition of trailer boundary when no trailing signature

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
---

diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc
index 86ea87388db..82b2524bd50 100644
--- a/src/rgw/rgw_auth_s3.cc
+++ b/src/rgw/rgw_auth_s3.cc
@@ -1552,9 +1552,15 @@ bool AWSv4ComplMulti::complete()
     std::string_view expected_trailer_signature;
     std::string calculated_trailer_signature;
 
-    if (tbuf_pos > sarrlen("\r\n0;")) {
-      const std::string_view sv_trailer(trailer_vec.data() + sarrlen("\r\n0;"),
-                                        tbuf_pos - sarrlen("\r\n0;"));
+    /* the trailer boundary is just "\r\n0" when we have no trailer
+     * signature */
+    if (tbuf_pos > sarrlen("\r\n0")) {
+      auto trailer_off = sarrlen("\r\n0");
+      if (*(trailer_vec.data() + trailer_off) == ';') {
+	++trailer_off;
+      }
+      const std::string_view sv_trailer(
+        trailer_vec.data() + trailer_off, tbuf_pos - trailer_off);
 
       if (cct()->_conf->subsys.should_gather(ceph_subsys_rgw, 10)) [[unlikely]] {
         ldout(cct(), 10) << "trailer_section: " << sv_trailer << dendl;