From ef1111a17084f6672fd40e366f92f8168a09d0a0 Mon Sep 17 00:00:00 2001
From: matt benjamin
Date: Sat, 2 Mar 2024 13:49:52 -0500
Subject: [PATCH] rgw_sigv4: handle '0;' as trailer-chunk boundary
https://tracker.ceph.com/issues/64676
Signed-off-by: matt benjamin
---
 src/rgw/rgw_auth_s3.cc | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc
index 82b2524bd50..fd7fd07a54e 100644
--- a/src/rgw/rgw_auth_s3.cc
+++ b/src/rgw/rgw_auth_s3.cc
@@ -1552,11 +1552,21 @@ bool AWSv4ComplMulti::complete()
 std::string_view expected_trailer_signature;
 std::string calculated_trailer_signature;
- /* the trailer boundary is just "\r\n0" when we have no trailer
- * signature */
+ /* I have seen variations in the 0-byte case, with and without
+ * ssl transport. I have observed "\r\n0;" but also "0;" in the
+ * trailer-signature case. I have observed only "\r\n0" in the
+ * no-trailer-signature case--but assume "0" might be possible.
+ * The logic below handles all 4 cases. */
 if (tbuf_pos > sarrlen("\r\n0")) {
- auto trailer_off = sarrlen("\r\n0");
- if (*(trailer_vec.data() + trailer_off) == ';') {
+ const char* tv_data = trailer_vec.data();
+ auto trailer_off = 0;
+ if (*(tv_data + trailer_off) == '\r') {
+ trailer_off += 2;
+ }
+ if (*(tv_data + trailer_off) == '0') {
+ ++trailer_off;
+ }
+ if (*(tv_data + trailer_off) == ';') {
 ++trailer_off;
 }
 const std::string_view sv_trailer(
-- 
2.39.5
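Review bot: The `'\r'` branch advances `trailer_off` by two without checking that the following byte is `'\n'`, and the `'0'` test is optional, so the new code accepts more boundary forms than the four the comment lists (for example `\r` followed by any byte, or a leading `;` with no `0`). In a SigV4 verification path the chunk framing is better matched exactly, e.g. `if (tv_data[0] == '\r' && tv_data[1] == '\n') { trailer_off += 2; }`, with a missing `0` treated as a malformed trailer instead of falling through. The three dereferences stay in bounds only because the outer `tbuf_pos > sarrlen("\r\n0")` guard means at most index 3 is examined; that dependency deserves a comment such as `/* tbuf_pos >= 4 here, so offsets 0..3 are readable */`. `auto trailer_off = 0;` also deduces `int`, where the old code took its type from `sarrlen(...)`; `size_t trailer_off = 0;` would avoid signed/unsigned mixing if the offset feeds length arithmetic further down. The rest of `complete()`, including how `sv_trailer` is built from this offset, lies outside the hunk.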