]> review.fuel-infra Code Review - packages/trusty/ceph.git/commit
Code Review / packages / trusty / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: b18291a) | patch
[CVE-2015-5245] rgw: url encode exposed bucket 76/14876/4
authorDenis V. Meltsaykin <dmeltsaykin@mirantis.com>
Mon, 7 Dec 2015 17:21:58 +0000 (20:21 +0300)
committerDenis V. Meltsaykin <dmeltsaykin@mirantis.com>
Mon, 11 Jan 2016 14:38:43 +0000 (17:38 +0300)
commit4540fc1d1193d5f4d4523c13e4ec2cd733096434
treecadd26768718f348c3552e27ab441c10addebedatree | snapshot
parentb18291a6c91ff63cda55e0a3e699ddde5f30838bcommit | diff
[CVE-2015-5245] rgw: url encode exposed bucket

This commit contains changes from:
* http://tracker.ceph.com/issues/12537
  rgw: url encode exposed bucket
  Don't send the bucket name back without url encoding it.
* http://tracker.ceph.com/issues/11860
  rgw: Do not enclose the Bucket header in quotes
  HTTP headers don't have to be enclosed when it's a string.

The aforementioned commits help to prevent CVE-2015-5245

Note: Changed test group for fuel-qa to work.

Closes-Bug: #1520185
Change-Id: I934309ecce99628b6d1309658ee3506cc4153d64
debian/changelog diff | blob | history
debian/patches/series diff | blob | history
debian/patches/url_encode_exposed_bucket.patch [new file with mode: 0644] blob
tests/integration_tests.conf diff | blob | history