[Pkg-ceph-commits] [ceph] 08/09: Upstream fix for CVE-2016-8626 (RGW DoS)
Gaudenz Steinlin
gaudenz at moszumanska.debian.org
Thu Jan 5 10:05:29 UTC 2017
This is an automated email from the git hooks/post-receive script.
gaudenz pushed a commit to branch jessie
in repository ceph.
commit 86ac46bfd6617ecfba245e18c884d623c7b916e7
Author: Gaudenz Steinlin <gaudenz at debian.org>
Date: Tue Dec 27 22:06:07 2016 +0100
Upstream fix for CVE-2016-8626 (RGW DoS)
Closes: #844200
---
debian/patches/cve-2016-8626_rgw_dos.patch | 30 ++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 31 insertions(+)
diff --git a/debian/patches/cve-2016-8626_rgw_dos.patch b/debian/patches/cve-2016-8626_rgw_dos.patch
new file mode 100644
index 0000000..983084c
--- /dev/null
+++ b/debian/patches/cve-2016-8626_rgw_dos.patch
@@ -0,0 +1,30 @@
+commit 23cb642243e09ca4a8e104f62a3bb7b2cbb6ea12
+Author: Yehuda Sadeh <yehuda at redhat.com>
+Date: Thu Oct 20 10:17:36 2016 -0700
+
+ rgw: handle empty POST condition
+
+ Fixes: http://tracker.ceph.com/issues/17635
+
+ Before accessing json entity, need to check that iterator is valid.
+ If there is no entry return appropriate error code.
+
+ Signed-off-by: Yehuda Sadeh <yehuda at redhat.com>
+
+--- a/src/rgw/rgw_policy_s3.cc
++++ b/src/rgw/rgw_policy_s3.cc
+@@ -284,11 +284,13 @@
+ int r = add_condition(v[0], v[1], v[2], err_msg);
+ if (r < 0)
+ return r;
+- } else {
++ } else if (!citer.end()) {
+ JSONObj *c = *citer;
+ dout(0) << "adding simple_check: " << c->get_name() << " : " << c->get_data() << dendl;
+
+ add_simple_check(c->get_name(), c->get_data());
++ } else {
++ return -EINVAL;
+ }
+ }
+ return 0;
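Review bot: the new final `else` branch in rgw_policy_s3.cc returns -EINVAL without setting err_msg, while the add_condition() call just above is handed err_msg, so the caller gets no message for the empty-condition case; consider assigning a short explanation to err_msg before `return -EINVAL;`. Separately, the retained `dout(0)` line writes the client-supplied condition name and data to the log at level 0 for each simple condition, which is worth lowering in a follow-up so request content does not fill the default log.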
diff --git a/debian/patches/series b/debian/patches/series
index a9a2dde..cbf4e30 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -19,6 +19,7 @@ CVE-2015-5245.patch
## Security
cve-2016-5009_mon_dos.patch
cve-2016-7031_rgw_anonymous_read.patch
+cve-2016-8626_rgw_dos.patch
cve-2016-9579_short_cors_request.patch
## Debian
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ceph/ceph.git