From ed97f95b6608fb11703b18d38b6690ee8b3dbcd6 Mon Sep 17 00:00:00 2001
From: wangzengliang <wangzengliang2@huawei.com>
Date: Mon, 9 Oct 2023 10:50:45 +0800
Subject: [PATCH] fix CVE-2023-43040

Fixes: https://tracker.ceph.com/issues/63004
copied-by: https://github.com/ceph/ceph/pull/53758
signed-off-by: Joshua Baergen <jbaergen@gigitalocean.com>
---
 src/rgw/rgw_rest_s3.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 2247c20dd..d06feddd0 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -2660,10 +2660,6 @@ int RGWPostObj_ObjStore_S3::get_params(optional_yield y)
 
   map_qs_metadata(s);
 
-  ldpp_dout(this, 20) << "adding bucket to policy env: " << s->bucket->get_name()
-		    << dendl;
-  env.add_var("bucket", s->bucket->get_name());
-
   bool done;
   do {
     struct post_form_part part;
@@ -2714,6 +2710,10 @@ int RGWPostObj_ObjStore_S3::get_params(optional_yield y)
     env.add_var(part.name, part_str);
   } while (!done);
 
+  ldpp_dout(this, 20) << "adding bucket to policy env: " << s->bucket->get_name()
+		    << dendl;
+  env.add_var("bucket", s->bucket->get_name());
+
   string object_str;
   if (!part_str(parts, "key", &object_str)) {
     err_msg = "Key not specified";
-- 
2.27.0