sys-cluster/ceph: Revision bump to 10.2.3-r1 for CVE-2016-8626

Gentoo-Bug: 598206

Package-Manager: portage-2.3.2

1 files changed, 33 insertions, 0 deletions

diff --git a/sys-cluster/ceph/files/ceph-10.2.3-CVE-2016-8626.patch b/sys-cluster/ceph/files/ceph-10.2.3-CVE-2016-8626.patch
new file mode 100644
index 000000000000..d767d8170dfa
--- /dev/null
+++ b/sys-cluster/ceph/files/ceph-10.2.3-CVE-2016-8626.patch
@@ -0,0 +1,33 @@
+commit dc2ffda7819d2ebeed3526d9e6da8f53221818de
+Author: Yehuda Sadeh <yehuda@redhat.com>
+Date:   Thu Oct 20 10:17:36 2016 -0700
+
+    rgw: handle empty POST condition
+    
+    Fixes: http://tracker.ceph.com/issues/17635
+    
+    Before accessing json entity, need to check that iterator is valid.
+    If there is no entry return appropriate error code.
+    
+    Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
+    (cherry picked from commit 23cb642243e09ca4a8e104f62a3bb7b2cbb6ea12)
+
+diff --git a/src/rgw/rgw_policy_s3.cc b/src/rgw/rgw_policy_s3.cc
+index 3843511..8af70a8 100644
+--- a/src/rgw/rgw_policy_s3.cc
++++ b/src/rgw/rgw_policy_s3.cc
+@@ -286,11 +286,13 @@ int RGWPolicy::from_json(bufferlist& bl, string& err_msg)
+       int r = add_condition(v[0], v[1], v[2], err_msg);
+       if (r < 0)
+         return r;
+-    } else {
++    } else if (!citer.end()) {
+       JSONObj *c = *citer;
+       dout(0) << "adding simple_check: " << c->get_name() << " : " << c->get_data() << dendl;
+ 
+       add_simple_check(c->get_name(), c->get_data());
++    } else {
++      return -EINVAL;
+     }
+   }
+   return 0;