From 0ec573a82bc6e6a1bcb1f51710981b0fd7c0e306 Mon Sep 17 00:00:00 2001 From: yuliyang Date: Mon, 13 Jan 2020 16:31:33 +0800 Subject: [PATCH] rgw: ReplaceKeyPrefixWith and ReplaceKeyWith can not set at the same time. and support some HttpErrorCodeReturnedEquals and HttpRedirectCode limit. fix https://tracker.ceph.com/issues/43563 Signed-off-by: yuliyang (cherry picked from commit 0b4689865db3ab8efc39a73070a5d60bd9992fbd) --- src/rgw/rgw_xml_enc.cc | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/src/rgw/rgw_xml_enc.cc b/src/rgw/rgw_xml_enc.cc index 1b9d250a7a6cc..5473c2f66ef72 100644 --- a/src/rgw/rgw_xml_enc.cc +++ b/src/rgw/rgw_xml_enc.cc @@ -40,14 +40,24 @@ void RGWBWRedirectInfo::dump_xml(Formatter *f) const } } +#define WEBSITE_HTTP_REDIRECT_CODE_MIN 300 +#define WEBSITE_HTTP_REDIRECT_CODE_MAX 400 void RGWBWRedirectInfo::decode_xml(XMLObj *obj) { RGWXMLDecoder::decode_xml("Protocol", redirect.protocol, obj); RGWXMLDecoder::decode_xml("HostName", redirect.hostname, obj); int code = 0; - RGWXMLDecoder::decode_xml("HttpRedirectCode", code, obj); + bool has_http_redirect_code = RGWXMLDecoder::decode_xml("HttpRedirectCode", code, obj); + if (has_http_redirect_code && + !(code > WEBSITE_HTTP_REDIRECT_CODE_MIN && + code < WEBSITE_HTTP_REDIRECT_CODE_MAX)) { + throw RGWXMLDecoder::err("The provided HTTP redirect code is not valid. Valid codes are 3XX except 300."); + } redirect.http_redirect_code = code; - RGWXMLDecoder::decode_xml("ReplaceKeyPrefixWith", replace_key_prefix_with, obj); - RGWXMLDecoder::decode_xml("ReplaceKeyWith", replace_key_with, obj); + bool has_replace_key_prefix_with = RGWXMLDecoder::decode_xml("ReplaceKeyPrefixWith", replace_key_prefix_with, obj); + bool has_replace_key_with = RGWXMLDecoder::decode_xml("ReplaceKeyWith", replace_key_with, obj); + if (has_replace_key_prefix_with && has_replace_key_with) { + throw RGWXMLDecoder::err("You can only define ReplaceKeyPrefix or ReplaceKey but not both."); + } } void RGWBWRoutingRuleCondition::dump_xml(Formatter *f) const @@ -60,10 +70,17 @@ void RGWBWRoutingRuleCondition::dump_xml(Formatter *f) const } } +#define WEBSITE_HTTP_ERROR_CODE_RETURNED_EQUALS_MIN 400 +#define WEBSITE_HTTP_ERROR_CODE_RETURNED_EQUALS_MAX 600 void RGWBWRoutingRuleCondition::decode_xml(XMLObj *obj) { RGWXMLDecoder::decode_xml("KeyPrefixEquals", key_prefix_equals, obj); int code = 0; - RGWXMLDecoder::decode_xml("HttpErrorCodeReturnedEquals", code, obj); + bool has_http_error_code_returned_equals = RGWXMLDecoder::decode_xml("HttpErrorCodeReturnedEquals", code, obj); + if (has_http_error_code_returned_equals && + !(code >= WEBSITE_HTTP_ERROR_CODE_RETURNED_EQUALS_MIN && + code < WEBSITE_HTTP_ERROR_CODE_RETURNED_EQUALS_MAX)) { + throw RGWXMLDecoder::err("The provided HTTP redirect code is not valid. Valid codes are 4XX or 5XX."); + } http_error_code_returned_equals = code; } -- 2.39.5