From d374a21beb4faac63c0bd920572651079af25209 Mon Sep 17 00:00:00 2001
From: Matt Benjamin <mbenjamin@redhat.com>
Date: Sat, 13 Jan 2024 13:57:36 -0500
Subject: [PATCH] awssigv4: fix recognition of trailer boundary when no
 trailing signature

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
---
 src/rgw/rgw_auth_s3.cc | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc
index 86ea87388db..82b2524bd50 100644
--- a/src/rgw/rgw_auth_s3.cc
+++ b/src/rgw/rgw_auth_s3.cc
@@ -1552,9 +1552,15 @@ bool AWSv4ComplMulti::complete()
     std::string_view expected_trailer_signature;
     std::string calculated_trailer_signature;
 
-    if (tbuf_pos > sarrlen("\r\n0;")) {
-      const std::string_view sv_trailer(trailer_vec.data() + sarrlen("\r\n0;"),
-                                        tbuf_pos - sarrlen("\r\n0;"));
+    /* the trailer boundary is just "\r\n0" when we have no trailer
+     * signature */
+    if (tbuf_pos > sarrlen("\r\n0")) {
+      auto trailer_off = sarrlen("\r\n0");
+      if (*(trailer_vec.data() + trailer_off) == ';') {
+	++trailer_off;
+      }
+      const std::string_view sv_trailer(
+        trailer_vec.data() + trailer_off, tbuf_pos - trailer_off);
 
       if (cct()->_conf->subsys.should_gather(ceph_subsys_rgw, 10)) [[unlikely]] {
         ldout(cct(), 10) << "trailer_section: " << sv_trailer << dendl;
-- 
2.39.5