Diffstat (limited to 'src/rgw')
-rw-r--r-- | src/rgw/rgw_common.cc | 5 | ||||
-rw-r--r-- | src/rgw/rgw_common.h | 1 | ||||
-rw-r--r-- | src/rgw/rgw_rest.cc | 4 |
3 files changed, 10 insertions, 0 deletions
diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc
index d4e494073ca..2f5a82561e6 100644
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -108,6 +108,7 @@ rgw_http_errors rgw_http_s3_errors({
 { ERR_INTERNAL_ERROR, {500, "InternalError" }},
 { ERR_NOT_IMPLEMENTED, {501, "NotImplemented" }},
 { ERR_SERVICE_UNAVAILABLE, {503, "ServiceUnavailable"}},
+ { ERR_ZERO_IN_URL, {400, "InvalidRequest" }},
 });
 rgw_http_errors rgw_http_swift_errors({
@@ -118,6 +119,10 @@ rgw_http_errors rgw_http_swift_errors({
 { ERR_BAD_URL, {412, "Bad URL" }},
 { ERR_NOT_SLO_MANIFEST, {400, "Not an SLO manifest" }},
 { ERR_QUOTA_EXCEEDED, {413, "QuotaExceeded" }},
+ /* FIXME(rzarzynski): we need to find a way to apply Swift's error handling
+ * procedures also for ERR_ZERO_IN_URL. This make a problem as the validation
+ * is performed very early, even before setting the req_state::proto_flags. */
+ { ERR_ZERO_IN_URL, {412, "Invalid UTF8 or contains NULL"}},
 });
 int rgw_perf_start(CephContext *cct)
diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index bf05d13a12f..78c69935ba4 100644
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -210,6 +210,7 @@ using ceph::crypto::MD5;
 #define ERR_INVALID_LOCATION_CONSTRAINT 2208
 #define ERR_TAG_CONFLICT 2209
 #define ERR_INVALID_TAG 2210
+#define ERR_ZERO_IN_URL 2211
 #define ERR_BUSY_RESHARDING 2300
diff --git a/src/rgw/rgw_rest.cc b/src/rgw/rgw_rest.cc
index a039034be63..8299cff0562 100644
--- a/src/rgw/rgw_rest.cc
+++ b/src/rgw/rgw_rest.cc
@@ -2212,6 +2212,10 @@ int RGWREST::preprocess(struct req_state *s, rgw::io::BasicClient* cio)
 }
 s->decoded_uri = url_decode(s->info.request_uri);
+ /* Validate for being free of the '\0' buried in the middle of the string. */
+ if (std::strlen(s->decoded_uri.c_str()) != s->decoded_uri.length()) {
+ return -ERR_ZERO_IN_URL;
+ }
 /* FastCGI specification, section 6.3
 * http://www.fastcgi.com/devkit/doc/fcgi-spec.html#S6.3 |
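Review bot: The FIXME above the Swift `ERR_ZERO_IN_URL` entry in rgw_http_swift_errors does not say what a Swift client receives today. It states that the check runs before `req_state::proto_flags` is set, which suggests (not confirmed from this hunk) that this 412 mapping may not be the one selected when the error fires. Stating the current behaviour would make the limitation clear to the next maintainer, for example `/* FIXME(rzarzynski): the NUL check runs before req_state::proto_flags is set, so Swift's error handling is not yet applied to ERR_ZERO_IN_URL. */`. The phrase "This make a problem as" should also read "This is a problem because".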
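Review bot: The embedded-NUL check added in RGWREST::preprocess covers only `s->decoded_uri`; query arguments or header values that are URL-decoded elsewhere are not visible in this hunk, so it is worth confirming they receive the same validation before reaching code that treats them as C strings. The comparison reads more directly as `if (s->decoded_uri.find('\0') != std::string::npos) {`, which also avoids depending on `<cstring>` being included in rgw_rest.cc. The comment could state why the byte is rejected, for instance `/* Reject a decoded '\0': consumers using c_str() would see a shorter name than length() reports. */`. preprocess starts and ends outside the hunk.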