RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2025-01-01 08:32:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

rgw: sanitize customer encryption keys from log output in v4 auth

Browse Source 
Fixes: http://tracker.ceph.com/issues/37847

CVE-2018-16889

Signed-off-by: Casey Bodley <cbodley@redhat.com>
This commit is contained in:
Casey Bodley 2018-12-10 12:38:01 -05:00
parent 7c081e0fc8
commit 000797941f
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/rgw/rgw_auth_s3.cc
View File

@ -640,7 +640,8 @@ get_v4_canon_req_hash(CephContext* cct,
const auto canonical_req_hash = calc_hash_sha256(canonical_req);
ldout(cct, 10) << "canonical request = " << canonical_req << dendl;
using sanitize = rgw::crypt_sanitize::log_content;
ldout(cct, 10) << "canonical request = " << sanitize{canonical_req} << dendl;
ldout(cct, 10) << "canonical request hash = "
<< buf_to_hex(canonical_req_hash).data() << dendl;

5
src/rgw/rgw_rest_s3.cc
View File

@ -3883,8 +3883,9 @@ AWSGeneralAbstractor::get_auth_data_v4(const req_state* const s,
boost::optional<std::string> canonical_headers = \
get_v4_canonical_headers(s->info, signed_hdrs, using_qs);
if (canonical_headers) {
ldout(s->cct, 10) << "canonical headers format = " << *canonical_headers
<< dendl;
using sanitize = rgw::crypt_sanitize::log_content;
ldout(s->cct, 10) << "canonical headers format = "
<< sanitize{*canonical_headers} << dendl;
} else {
throw -EPERM;
}