libradosstriper: remove format injection vulnerability

Fixes: http://tracker.ceph.com/issues/20240

Signed-off-by: Stan K <redrampage@selectel.ru>
Jesse Williamson 2017-06-13 12:31:16 -07:00
parent ac3c6c5e43
commit e94d3b9661


@ -12,6 +12,8 @@
*
*/
#include <boost/algorithm/string/replace.hpp>
#include "libradosstriper/RadosStriperImpl.h"
#include <errno.h>
@ -501,7 +503,9 @@ int libradosstriper::RadosStriperImpl::aio_read(const std::string& soid,
// get list of extents to be read from
vector<ObjectExtent> *extents = new vector<ObjectExtent>();
if (read_len > 0) {
std::string format = soid + RADOS_OBJECT_EXTENSION_FORMAT;
std::string format = soid;
boost::replace_all(format, "%", "%%");
format += RADOS_OBJECT_EXTENSION_FORMAT;
file_layout_t l;
l.from_legacy(layout);
Striper::file_to_extents(cct(), format.c_str(), &l, off, read_len,
@ -1077,7 +1081,9 @@ libradosstriper::RadosStriperImpl::internal_aio_write(const std::string& soid,
if (len > 0) {
// get list of extents to be written to
vector<ObjectExtent> extents;
std::string format = soid + RADOS_OBJECT_EXTENSION_FORMAT;
std::string format = soid;
boost::replace_all(format, "%", "%%");
format += RADOS_OBJECT_EXTENSION_FORMAT;
file_layout_t l;
l.from_legacy(layout);
Striper::file_to_extents(cct(), format.c_str(), &l, off, len, 0, extents);
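Review bot: The `%` escaping is written out inline twice, once in aio_read and once in internal_aio_write, so any other site outside these hunks that still builds `soid + RADOS_OBJECT_EXTENSION_FORMAT` would keep passing an unescaped object name as a format to `Striper::file_to_extents`; the visible lines cannot confirm whether such a site exists. Moving the three lines into one file-local helper and calling it at each site, for example `const std::string format = make_object_format(soid);`, would keep the rule in one place. A comment on it such as `// soid is caller-supplied: escape '%' so that only the appended extension is read as a conversion` would record why the replace is there. The fix presumably relies on the formatter behind file_to_extents treating `%%` as a literal percent, so a regression test with a soid containing `%` would pin that down. Both function bodies continue outside the hunks.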