From: yuliyang <yuliyang@cmss.chinamobile.com>
Date: Tue, 10 Dec 2019 08:12:57 +0000 (+0800)
Subject: rgw: fix rgw crash when token is not base64 encode
X-Git-Tag: v14.2.8~20^2~76^2~12^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F32050%2Fhead;p=ceph.git

rgw: fix rgw crash when token is not base64 encode

Fixes: https://tracker.ceph.com/issues/43018

Signed-off-by: yuliyang <yuliyang@cmss.chinamobile.com>
(cherry picked from commit b8fca700b52683931052d1567aa259647f977b59)
Signed-off-by: yuliyang <yuliyang@cmss.chinamobile.com>
---

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 0a28abaeb455..53f93bb9e73d 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -4922,7 +4922,13 @@ int
 rgw::auth::s3::STSEngine::get_session_token(const boost::string_view& session_token,
                                             STS::SessionToken& token) const
 {
-  string decodedSessionToken = rgw::from_base64(session_token);
+  string decodedSessionToken;
+  try {
+    decodedSessionToken = rgw::from_base64(session_token);
+  } catch (...) {
+    ldout(cct, 0) << "ERROR: Invalid session token, not base64 encoded." << dendl;
+    return -EINVAL;
+  }
 
   auto* cryptohandler = cct->get_crypto_handler(CEPH_CRYPTO_AES);
   if (! cryptohandler) {