fix CVE-2023-43040

2023-10-09 11:09:16 +08:00 · 2023-10-09 11:09:16 +08:00 · 55becf4a50
commit 55becf4a50
parent 9901670669
2 changed files with 46 additions and 1 deletions
--- a/0023-Fix-CVE-2023-43040.patch
+++ b/0023-Fix-CVE-2023-43040.patch
@ -0,0 +1,41 @@
+From ed97f95b6608fb11703b18d38b6690ee8b3dbcd6 Mon Sep 17 00:00:00 2001
+From: wangzengliang <wangzengliang2@huawei.com>
+Date: Mon, 9 Oct 2023 10:50:45 +0800
+Subject: [PATCH] fix CVE-2023-43040
+
+Fixes: https://tracker.ceph.com/issues/63004
+copied-by: https://github.com/ceph/ceph/pull/53758
+signed-off-by: Joshua Baergen <jbaergen@gigitalocean.com>
+---
+ src/rgw/rgw_rest_s3.cc | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
+index 2247c20dd..d06feddd0 100644
+--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
+@@ -2660,10 +2660,6 @@ int RGWPostObj_ObjStore_S3::get_params(optional_yield y)
+ 
+   map_qs_metadata(s);
+ 
+-  ldpp_dout(this, 20) << "adding bucket to policy env: " << s->bucket->get_name()
+-		    << dendl;
+-  env.add_var("bucket", s->bucket->get_name());
+-
+   bool done;
+   do {
+     struct post_form_part part;
+@@ -2714,6 +2710,10 @@ int RGWPostObj_ObjStore_S3::get_params(optional_yield y)
+     env.add_var(part.name, part_str);
+   } while (!done);
+ 
+  ldpp_dout(this, 20) << "adding bucket to policy env: " << s->bucket->get_name()
+		    << dendl;
+  env.add_var("bucket", s->bucket->get_name());
+
+   string object_str;
+   if (!part_str(parts, "key", &object_str)) {
+     err_msg = "Key not specified";
+-- 
+2.27.0
+
--- a/ceph.spec
+++ b/ceph.spec
@ -129,7 +129,7 @@
 #################################################################################
 Name:		ceph
 Version:	16.2.7
-Release:	23
+Release:	24
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
 Epoch:		2
 %endif
@ -169,6 +169,7 @@ Patch19: 0019-include-memory.patch
 Patch20: 0020-compiled-with-gcc12.patch
 Patch21: 0021-boost-enable-sw64-architecture.patch
 Patch22: 0022-add-atomic-library-for-riscv64.patch
+Patch23: 0023-Fix-CVE-2023-43040.patch
 %if 0%{?suse_version}
 # _insert_obs_source_lines_here
 ExclusiveArch:  x86_64 aarch64 ppc64le s390x
@ -2534,6 +2535,9 @@ exit 0
 %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml

 %changelog
+* Mon Oct 9 2023 wangzengliang <wangzengliang2@huawei.com> - 2:16.2.7-24
+- fix CVE-2023-43040
+
 * Wed Aug 23 2023 laokz <zhangkai@iscas.ac.cn> - 2:16.2.7-23
 - fix riscv64 16-byte atomic build error