diff options
Diffstat (limited to 'recipes-extended/ceph/ceph/0001-rgw-reject-unauthenticated-response-header-actions.patch')
-rw-r--r-- | recipes-extended/ceph/ceph/0001-rgw-reject-unauthenticated-response-header-actions.patch | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/recipes-extended/ceph/ceph/0001-rgw-reject-unauthenticated-response-header-actions.patch b/recipes-extended/ceph/ceph/0001-rgw-reject-unauthenticated-response-header-actions.patch deleted file mode 100644 index ae241473..00000000 --- a/recipes-extended/ceph/ceph/0001-rgw-reject-unauthenticated-response-header-actions.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 8f90658c731499722d5f4393c8ad70b971d05f77 Mon Sep 17 00:00:00 2001 -From: Matt Benjamin <mbenjamin@redhat.com> -Date: Fri, 27 Mar 2020 18:13:48 +0100 -Subject: [PATCH] rgw: reject unauthenticated response-header actions - -Signed-off-by: Matt Benjamin <mbenjamin@redhat.com> -Reviewed-by: Casey Bodley <cbodley@redhat.com> -(cherry picked from commit d8dd5e513c0c62bbd7d3044d7e2eddcd897bd400) - -CVE: CVE-2020-1760 -Upstream Status: Backport [8f90658c731499722d5f4393c8ad70b971d05f77] - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - src/rgw/rgw_rest_s3.cc | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc -index 532d738b58..1bfc8312de 100644 ---- a/src/rgw/rgw_rest_s3.cc -+++ b/src/rgw/rgw_rest_s3.cc -@@ -298,6 +298,11 @@ int RGWGetObj_ObjStore_S3::send_response_data(bufferlist& bl, off_t bl_ofs, - bool exists; - string val = s->info.args.get(p->param, &exists); - if (exists) { -+ /* reject unauthenticated response header manipulation, see -+ * https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html */ -+ if (s->auth.identity->is_anonymous()) { -+ return -EPERM; -+ } - if (strcmp(p->param, "response-content-type") != 0) { - response_attrs[p->http_attr] = val; - } else { --- -2.20.1 - |