diff options
Diffstat (limited to 'sys-cluster/ceph/files/ceph-10.2.3-CVE-2016-8626.patch')
-rw-r--r-- | sys-cluster/ceph/files/ceph-10.2.3-CVE-2016-8626.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/sys-cluster/ceph/files/ceph-10.2.3-CVE-2016-8626.patch b/sys-cluster/ceph/files/ceph-10.2.3-CVE-2016-8626.patch new file mode 100644 index 000000000000..d767d8170dfa --- /dev/null +++ b/sys-cluster/ceph/files/ceph-10.2.3-CVE-2016-8626.patch @@ -0,0 +1,33 @@ +commit dc2ffda7819d2ebeed3526d9e6da8f53221818de +Author: Yehuda Sadeh <yehuda@redhat.com> +Date: Thu Oct 20 10:17:36 2016 -0700 + + rgw: handle empty POST condition + + Fixes: http://tracker.ceph.com/issues/17635 + + Before accessing json entity, need to check that iterator is valid. + If there is no entry return appropriate error code. + + Signed-off-by: Yehuda Sadeh <yehuda@redhat.com> + (cherry picked from commit 23cb642243e09ca4a8e104f62a3bb7b2cbb6ea12) + +diff --git a/src/rgw/rgw_policy_s3.cc b/src/rgw/rgw_policy_s3.cc +index 3843511..8af70a8 100644 +--- a/src/rgw/rgw_policy_s3.cc ++++ b/src/rgw/rgw_policy_s3.cc +@@ -286,11 +286,13 @@ int RGWPolicy::from_json(bufferlist& bl, string& err_msg) + int r = add_condition(v[0], v[1], v[2], err_msg); + if (r < 0) + return r; +- } else { ++ } else if (!citer.end()) { + JSONObj *c = *citer; + dout(0) << "adding simple_check: " << c->get_name() << " : " << c->get_data() << dendl; + + add_simple_check(c->get_name(), c->get_data()); ++ } else { ++ return -EINVAL; + } + } + return 0; |