From: Denis V. Meltsaykin <dmeltsaykin@mirantis.com>
Date: Mon, 7 Dec 2015 17:21:58 +0000 (+0300)
Subject: [CVE-2015-5245] rgw: url encode exposed bucket
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=4540fc1d1193d5f4d4523c13e4ec2cd733096434;p=packages%2Ftrusty%2Fceph.git

[CVE-2015-5245] rgw: url encode exposed bucket

This commit contains changes from:
	* http://tracker.ceph.com/issues/12537
	  rgw: url encode exposed bucket
	  Don't send the bucket name back without url encoding it.
	* http://tracker.ceph.com/issues/11860
	  rgw: Do not enclose the Bucket header in quotes
	  HTTP headers don't have to be enclosed when it's a string.

The aforementioned commits help to prevent CVE-2015-5245

Note: Changed test group for fuel-qa to work.

Closes-Bug: #1520185
Change-Id: I934309ecce99628b6d1309658ee3506cc4153d64
---

diff --git a/debian/changelog b/debian/changelog
index 7b46976e..7fe268e9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ceph (0.80.9-1~u14.04+mos2+mos7.0+1) mos7.0; urgency=hi
+
+  * Fix security vulnerability CVE-2015-5245
+    http://tracker.ceph.com/issues/12537
+    http://tracker.ceph.com/issues/11860
+
+ -- Denis Meltsaykin <dmeltsaykin@mirantis.com>  Mon, 07 Dec 2015 20:19:12 +0300
+
 ceph (0.80.9-1~u14.04+mos2) mos7.0; urgency=medium
 
   * Repackaged for 7.0 
diff --git a/debian/patches/series b/debian/patches/series
index 8e560e85..a334894f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 virtualenv-never-download
 modules.patch
+url_encode_exposed_bucket.patch
diff --git a/debian/patches/url_encode_exposed_bucket.patch b/debian/patches/url_encode_exposed_bucket.patch
new file mode 100644
index 00000000..6ba037eb
--- /dev/null
+++ b/debian/patches/url_encode_exposed_bucket.patch
@@ -0,0 +1,17 @@
+diff -Nuar ceph-0.80.9/src/rgw/rgw_rest.cc ceph-0.80.9-WIP/src/rgw/rgw_rest.cc
+--- ceph-0.80.9/src/rgw/rgw_rest.cc	2015-04-09 00:30:46.000000000 +0300
++++ ceph-0.80.9-WIP/src/rgw/rgw_rest.cc	2015-12-07 22:16:13.100942762 +0300
+@@ -272,8 +272,11 @@
+ {
+   int expose_bucket = g_conf->rgw_expose_bucket;
+   if (expose_bucket) {
+-    if (!s->bucket_name_str.empty())
+-      s->cio->print("Bucket: \"%s\"\r\n", s->bucket_name_str.c_str());
++    if (!s->bucket_name_str.empty()){
++      string b;
++      url_encode(s->bucket_name_str, b);
++      s->cio->print("Bucket: %s\r\n", b.c_str());
++    }
+   }
+ }
+ 
diff --git a/tests/integration_tests.conf b/tests/integration_tests.conf
index 70505fad..27329192 100644
--- a/tests/integration_tests.conf
+++ b/tests/integration_tests.conf
@@ -1 +1 @@
-TEST_GROUP='ceph_multinode_compact'
+TEST_GROUP='ceph_ha_one_controller_compact'