[Pkg-ceph-commits] [ceph] 07/09: Upstream fix for CVE-2016-7031 (anonymous read on ACL)

Gaudenz Steinlin gaudenz at moszumanska.debian.org
Thu Jan 5 10:05:29 UTC 2017


This is an automated email from the git hooks/post-receive script.

gaudenz pushed a commit to branch jessie
in repository ceph.

commit 7ae81b07cfd91eb9c8c9760f1a7501dd00705995
Author: Gaudenz Steinlin <gaudenz at debian.org>
Date:   Tue Dec 27 22:04:48 2016 +0100

    Upstream fix for CVE-2016-7031 (anonymous read on ACL)
    
    Closes: #838026
---
 .../patches/cve-2016-7031_rgw_anonymous_read.patch | 44 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 45 insertions(+)

diff --git a/debian/patches/cve-2016-7031_rgw_anonymous_read.patch b/debian/patches/cve-2016-7031_rgw_anonymous_read.patch
new file mode 100644
index 0000000..c8d9a11
--- /dev/null
+++ b/debian/patches/cve-2016-7031_rgw_anonymous_read.patch
@@ -0,0 +1,44 @@
+commit 99ba6610a8f437604cadf68cbe9969def893e870
+Author: root <rahul.1aggarwal at gmail.com>
+Date:   Thu Sep 24 00:21:13 2015 +0530
+
+    13207: Rados Gateway: Anonymous user is able to read bucket with authenticated read ACL
+    
+    Signed-off-by: root <rahul.1aggarwal at gmail.com>
+
+--- a/src/rgw/rgw_acl_s3.cc
++++ b/src/rgw/rgw_acl_s3.cc
+@@ -537,7 +537,7 @@
+ {
+   switch (group) {
+   case ACL_GROUP_ALL_USERS:
+-    return (id.compare(rgw_uri_all_users) == 0);
++    return (id.compare(RGW_USER_ANON_ID) == 0);
+   case ACL_GROUP_AUTHENTICATED_USERS:
+     return (id.compare(rgw_uri_auth_users) == 0);
+   default:
+--- a/src/rgw/rgw_op.cc
++++ b/src/rgw/rgw_op.cc
+@@ -15,6 +15,7 @@
+ #include "rgw_rest.h"
+ #include "rgw_acl.h"
+ #include "rgw_acl_s3.h"
++#include "rgw_acl_swift.h"
+ #include "rgw_user.h"
+ #include "rgw_bucket.h"
+ #include "rgw_log.h"
+@@ -322,7 +323,13 @@
+ 
+   s->bucket_instance_id = s->info.args.get(RGW_SYS_PARAM_PREFIX "bucket-instance");
+ 
+-  s->bucket_acl = new RGWAccessControlPolicy(s->cct);
++  if(s->dialect.compare("s3") == 0) {
++    s->bucket_acl = new RGWAccessControlPolicy_S3(s->cct);
++  } else if(s->dialect.compare("swift")  == 0) {
++    s->bucket_acl = new RGWAccessControlPolicy_SWIFT(s->cct);
++  } else {
++    s->bucket_acl = new RGWAccessControlPolicy(s->cct);
++  }
+ 
+   if (s->copy_source) { /* check if copy source is within the current domain */
+     const char *src = s->copy_source;
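Review bot: The `else` branch of the new dialect check in rgw_op.cc still allocates a plain `RGWAccessControlPolicy`, so any request whose `s->dialect` is neither "s3" nor "swift" keeps the pre-patch object type. The fix appears to depend on the dialect-specific subclass being used for group matching (the rgw_acl_s3.cc hunk changes only the S3 comparison), so it is worth confirming that no request path reaches the fallback and that the Swift class, which this patch does not touch, identifies the anonymous user correctly. A comment above the branch such as `/* ACL group matching is dialect-specific; the base policy is a fallback only */` would record that dependency. The enclosing function starts and ends outside the hunk, and the added lines write `if(` where the surrounding code uses `if (`.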
diff --git a/debian/patches/series b/debian/patches/series
index ec086af..a9a2dde 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,6 +18,7 @@ CVE-2015-5245.patch
 
 ## Security
 cve-2016-5009_mon_dos.patch
+cve-2016-7031_rgw_anonymous_read.patch
 cve-2016-9579_short_cors_request.patch
 
 ## Debian

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ceph/ceph.git


