From c680cff2872121c30565c28a717dcc92199dc11c Mon Sep 17 00:00:00 2001
From: Abhishek Lekshmanan
Date: Wed, 7 Aug 2019 17:09:32 +0200
Subject: [PATCH] rgw: asio: check the remote endpoint before processing requests
`socket.remote_endpoint()` can throw exceptions corresponding to errors in the `getpeername` syscall, make sure these are handled.
Fixes: CVE-2019-10222, https://tracker.ceph.com/issues/40018
Signed-off-by: Abhishek Lekshmanan
(cherry picked from commit caa653196856ecdf50519a9a33195d5c4e3372af)
Conflicts: src/rgw/rgw_asio_frontend.cc conflicts due to optional-yield-ctx changes in master
---
 src/rgw/rgw_asio_frontend.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/rgw/rgw_asio_frontend.cc b/src/rgw/rgw_asio_frontend.cc
index 72947414b8a3..dbefeb0c3ab7 100644
--- a/src/rgw/rgw_asio_frontend.cc
+++ b/src/rgw/rgw_asio_frontend.cc
@@ -167,9 +167,14 @@ void handle_connection(RGWProcessEnv& env, Stream& stream,
 RGWRequest req{env.store->get_new_req_id()};
 auto& socket = stream.lowest_layer();
+ const auto& remote_endpoint = socket.remote_endpoint(ec);
+ if (ec) {
+ ldout(cct, 1) << "failed to connect client: " << ec.message() << dendl;
+ return;
+ }
 StreamIO real_client{stream, parser, buffer, is_ssl, socket.local_endpoint(),
- socket.remote_endpoint()};
+ remote_endpoint};
 auto real_client_io = rgw::io::add_reordering( rgw::io::add_buffering(cct,
--
2.47.3
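Review bot: `socket.local_endpoint()` in the `StreamIO` initializer still uses the throwing overload, so a failure in the underlying socket-name lookup would escape `handle_connection` the same way the `remote_endpoint()` failure did before this patch. Whether a caller catches that exception is not visible here, so the local endpoint should get the same `error_code` lookup and early return as the remote one. The log text "failed to connect client" also does not say which call failed; a message naming the endpoint lookup would make these lines easier to triage when they appear in bulk. `ec` is declared outside the hunk, and the function body starts and ends outside it.

```cpp
      // … unchanged: remote_endpoint(ec) lookup and its error check …
      const auto local_endpoint = socket.local_endpoint(ec);
      if (ec) {
        ldout(cct, 1) << "failed to get local endpoint: " << ec.message() << dendl;
        return;
      }
      StreamIO real_client{stream, parser, buffer, is_ssl,
                           local_endpoint,
                           remote_endpoint};
```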