From 9b55f365edaa9a019c6687d18f5b24ac52025b11 Mon Sep 17 00:00:00 2001
From: "Robin H. Johnson"
Date: Tue, 31 Jan 2023 22:29:51 -0800
Subject: [PATCH] rgw: Fix Browser POST content-length-range min value
`ERR_TOO_SMALL` is wrongly returned if all of the following are true, - the get_data returns multiple items (chunks) - the length of the last item is smaller than the POST Policy's min value for content-length-range. The check should be `(ofs < min_len)` instead of `(len < min_len)` This is further confirmed by the next line of `s->obj_size = ofs` Move the `int len` scope inside loop to try and prevent the bug in future. The bug was refactored in 2016, but was introduced in Oct 2012, when this functionality was first added to RGW in commit 7bb3504d3f0974e9863f536e9af0ce8889d6888f.
Reference: https://github.com/ceph/ceph/blob/933a42f9af349b3b222270e7f19f1fe151d89e8e/src/rgw/rgw_op.cc#L4474-L4513
Reference: https://github.com/ceph/ceph/commit/7bb3504d3f0974e9863f536e9af0ce8889d6888f
Signed-off-by: Robin H. Johnson
(cherry picked from commit 18533be1406997eedae16216447d9b4dcf460643)
---
 src/rgw/rgw_op.cc | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index e2d74d9cedd72..c38768534379e 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -4409,7 +4409,6 @@ void RGWPostObj::execute(optional_yield y)
 // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
 hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 ceph::buffer::list bl, aclbl;
- int len = 0;
 op_ret = s->bucket->check_quota(user_quota, bucket_quota, s->content_length, y);
 if (op_ret < 0) {
@@ -4479,7 +4478,7 @@ void RGWPostObj::execute(optional_yield y)
 bool again;
 do {
 ceph::bufferlist data;
- len = get_data(data, again);
+ int len = get_data(data, again);
 if (len < 0) {
 op_ret = len;
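Review bot: In the second hunk the loop-local declaration could be `const int len = get_data(data, again);`, assuming nothing later in the loop body reassigns it (the body continues outside the hunk). The commit message says the narrower scope is meant to stop the per-chunk length being mistaken for the object size again; making it `const` states that intent in the code. A short comment such as `// len is the size of this chunk only; ofs tracks the total` beside the declaration would help as well.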
@@ -4510,7 +4509,7 @@ void RGWPostObj::execute(optional_yield y)
 return;
 }
- if (len < min_len) {
+ if (ofs < min_len) {
 op_ret = -ERR_TOO_SMALL;
 return;
 }
-- 
2.39.5
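Review bot: The corrected check `if (ofs < min_len)` carries no comment saying that `ofs` is the running total of bytes received, which is the detail whose absence let the per-chunk `len` be used here in the first place. I would add `// content-length-range minimum applies to the whole object (ofs), not the last chunk` directly above the check. The types of `ofs` and `min_len` are declared outside the hunk; if one is unsigned and the other signed, the comparison deserves an explicit cast so that a negative policy minimum is not converted to a very large unsigned value. The diffstat lists only src/rgw/rgw_op.cc, so the fix ships without a regression test; a multi-chunk POST whose final chunk is shorter than the policy minimum would pin this policy-enforcement behaviour. RGWPostObj::execute starts and ends outside the hunk.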