From b3118cabb8060a8cc6a01c4e8264cb18e7b1745a Mon Sep 17 00:00:00 2001 From: "Adam C. Emerson" Date: Tue, 10 Oct 2017 16:21:48 -0400 Subject: [PATCH] rgw: Remove assertions in IAM Policy A couple of them could be triggered by user input. Signed-off-by: Adam C. Emerson --- src/rgw/rgw_basic_types.h | 2 -- src/rgw/rgw_iam_policy.cc | 12 +++++++++--- src/rgw/rgw_iam_policy.h | 3 --- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/src/rgw/rgw_basic_types.h b/src/rgw/rgw_basic_types.h index 31e9d3a32acb4..b4707b1a70887 100644 --- a/src/rgw/rgw_basic_types.h +++ b/src/rgw/rgw_basic_types.h @@ -160,12 +160,10 @@ public: } const std::string& get_tenant() const { - ceph_assert(t != Wildcard); return u.tenant; } const std::string& get_id() const { - ceph_assert(t != Wildcard && t != Tenant); return u.id; } diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc index 2f6d8be81c2de..97d9c13b4841f 100644 --- a/src/rgw/rgw_iam_policy.cc +++ b/src/rgw/rgw_iam_policy.cc @@ -221,7 +221,9 @@ optional ARN::parse(const string& s, bool wildcards) { if ((s == "*") && wildcards) { return ARN(Partition::wildcard, Service::wildcard, "*", "*", "*"); } else if (regex_match(s, match, wildcards ? rx_wild : rx_no_wild)) { - ceph_assert(match.size() == 6); + if (match.size() != 6) { + return boost::none; + } ARN a; { @@ -771,7 +773,9 @@ static optional parse_principal(CephContext* cct, TokenID t, ECMAScript | optimize); smatch match; if (regex_match(a->resource, match, rx)) { - ceph_assert(match.size() == 3); + if (match.size() != 3) { + return boost::none; + } if (match[1] == "user") { return Principal::user(std::move(a->account), @@ -843,7 +847,9 @@ bool ParseState::do_string(CephContext* cct, const char* s, size_t l) { // Principals } else if (w->kind == TokenKind::princ_type) { - ceph_assert(pp->s.size() > 1); + if (pp->s.size() <= 1) { + return false; + } auto& pri = pp->s[pp->s.size() - 2].w->id == TokenID::Principal ? t->princ : t->noprinc; diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h index 5236e6b021921..59117456e0cc4 100644 --- a/src/rgw/rgw_iam_policy.h +++ b/src/rgw/rgw_iam_policy.h @@ -29,8 +29,6 @@ #include "rgw_iam_policy_keywords.h" #include "rgw_string.h" -#include "include/assert.h" // razzin' frazzin' ...grrr. - class RGWRados; namespace rgw { namespace auth { @@ -254,7 +252,6 @@ string to_string(const MaskedIP& m); inline bool operator ==(const MaskedIP& l, const MaskedIP& r) { auto shift = std::max((l.v6 ? 128 : 32) - l.prefix, (r.v6 ? 128 : 32) - r.prefix); - ceph_assert(shift > 0); return (l.addr >> shift) == (r.addr >> shift); } -- 2.39.5