diff -Nru ceph-13.2.6/debian/changelog ceph-13.2.6/debian/changelog --- ceph-13.2.6/debian/changelog 2019-07-12 11:03:05.000000000 +0000 +++ ceph-13.2.6/debian/changelog 2019-08-28 06:02:16.000000000 +0000 @@ -1,3 +1,12 @@ +ceph (13.2.6-0ubuntu0.19.04.3) disco-security; urgency=medium + + * SECURITY UPDATE: RADOS gateway remote denial of service + - d/p/CVE-2019-10222.patch: rgw: asio: check the remote endpoint + before processing requests. + - CVE-2019-10222 + + -- Steve Beattie Tue, 27 Aug 2019 23:02:16 -0700 + ceph (13.2.6-0ubuntu0.19.04.2) disco; urgency=medium * d/p/bug1832105.patch: Cherry pick fix to avoid cython interpreter diff -Nru ceph-13.2.6/debian/patches/CVE-2019-10222.patch ceph-13.2.6/debian/patches/CVE-2019-10222.patch --- ceph-13.2.6/debian/patches/CVE-2019-10222.patch 1970-01-01 00:00:00.000000000 +0000 +++ ceph-13.2.6/debian/patches/CVE-2019-10222.patch 2019-08-28 06:01:36.000000000 +0000 @@ -0,0 +1,42 @@ +>From e57eb949aebee7ebc4c11e9ec1da969503ae10c8 Mon Sep 17 00:00:00 2001 +From: Abhishek Lekshmanan +Date: Wed, 7 Aug 2019 17:09:32 +0200 +Subject: [PATCH] rgw: asio: check the remote endpoint before processing + requests + +If a client disconnects after sending headers, then socket.remote_endpoint() +which ultimately calls getpeername syscall would throw an error corresponding to +ENOTCONN. Switch to the non throwing version of remote_endpoint call and return +when this is detected. + +Fixes: https://tracker.ceph.com/issues/40018 +Signed-off-by: Abhishek Lekshmanan +--- + src/rgw/rgw_asio_frontend.cc | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/rgw/rgw_asio_frontend.cc b/src/rgw/rgw_asio_frontend.cc +index d4ea4483e5..cd4c31e8f5 100644 +--- a/src/rgw/rgw_asio_frontend.cc ++++ b/src/rgw/rgw_asio_frontend.cc +@@ -146,9 +146,16 @@ void handle_connection(boost::asio::io_context& context, + RGWRequest req{env.store->get_new_req_id()}; + + auto& socket = stream.lowest_layer(); ++ const auto& remote_endpoint = socket.remote_endpoint(ec); ++ if (ec) { ++ ldout(cct, 1) << "failed to connect client: " << ec.message() << dendl; ++ return; ++ } ++ ++ + StreamIO real_client{stream, parser, buffer, is_ssl, + socket.local_endpoint(), +- socket.remote_endpoint()}; ++ remote_endpoint}; + + auto real_client_io = rgw::io::add_reordering( + rgw::io::add_buffering(cct, +-- +2.16.4 + diff -Nru ceph-13.2.6/debian/patches/series ceph-13.2.6/debian/patches/series --- ceph-13.2.6/debian/patches/series 2019-07-03 13:57:18.000000000 +0000 +++ ceph-13.2.6/debian/patches/series 2019-08-28 05:51:59.000000000 +0000 @@ -8,3 +8,4 @@ bug1832105.patch mgr-crash-fix-python3-invalid-syntax-problems.patch mgr-python-3-compat-fixes.patch +CVE-2019-10222.patch diff -Nru ceph-13.2.6/src/test/debian-jessie/debian/changelog ceph-13.2.6/src/test/debian-jessie/debian/changelog --- ceph-13.2.6/src/test/debian-jessie/debian/changelog 2019-07-12 11:03:05.000000000 +0000 +++ ceph-13.2.6/src/test/debian-jessie/debian/changelog 2019-08-28 06:02:16.000000000 +0000 @@ -1,3 +1,12 @@ +ceph (13.2.6-0ubuntu0.19.04.3) disco-security; urgency=medium + + * SECURITY UPDATE: RADOS gateway remote denial of service + - d/p/CVE-2019-10222.patch: rgw: asio: check the remote endpoint + before processing requests. + - CVE-2019-10222 + + -- Steve Beattie Tue, 27 Aug 2019 23:02:16 -0700 + ceph (13.2.6-0ubuntu0.19.04.2) disco; urgency=medium * d/p/bug1832105.patch: Cherry pick fix to avoid cython interpreter diff -Nru ceph-13.2.6/src/test/debian-jessie/debian/patches/CVE-2019-10222.patch ceph-13.2.6/src/test/debian-jessie/debian/patches/CVE-2019-10222.patch --- ceph-13.2.6/src/test/debian-jessie/debian/patches/CVE-2019-10222.patch 1970-01-01 00:00:00.000000000 +0000 +++ ceph-13.2.6/src/test/debian-jessie/debian/patches/CVE-2019-10222.patch 2019-08-28 06:01:36.000000000 +0000 @@ -0,0 +1,42 @@ +>From e57eb949aebee7ebc4c11e9ec1da969503ae10c8 Mon Sep 17 00:00:00 2001 +From: Abhishek Lekshmanan +Date: Wed, 7 Aug 2019 17:09:32 +0200 +Subject: [PATCH] rgw: asio: check the remote endpoint before processing + requests + +If a client disconnects after sending headers, then socket.remote_endpoint() +which ultimately calls getpeername syscall would throw an error corresponding to +ENOTCONN. Switch to the non throwing version of remote_endpoint call and return +when this is detected. + +Fixes: https://tracker.ceph.com/issues/40018 +Signed-off-by: Abhishek Lekshmanan +--- + src/rgw/rgw_asio_frontend.cc | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/rgw/rgw_asio_frontend.cc b/src/rgw/rgw_asio_frontend.cc +index d4ea4483e5..cd4c31e8f5 100644 +--- a/src/rgw/rgw_asio_frontend.cc ++++ b/src/rgw/rgw_asio_frontend.cc +@@ -146,9 +146,16 @@ void handle_connection(boost::asio::io_context& context, + RGWRequest req{env.store->get_new_req_id()}; + + auto& socket = stream.lowest_layer(); ++ const auto& remote_endpoint = socket.remote_endpoint(ec); ++ if (ec) { ++ ldout(cct, 1) << "failed to connect client: " << ec.message() << dendl; ++ return; ++ } ++ ++ + StreamIO real_client{stream, parser, buffer, is_ssl, + socket.local_endpoint(), +- socket.remote_endpoint()}; ++ remote_endpoint}; + + auto real_client_io = rgw::io::add_reordering( + rgw::io::add_buffering(cct, +-- +2.16.4 + diff -Nru ceph-13.2.6/src/test/debian-jessie/debian/patches/series ceph-13.2.6/src/test/debian-jessie/debian/patches/series --- ceph-13.2.6/src/test/debian-jessie/debian/patches/series 2019-07-03 13:57:18.000000000 +0000 +++ ceph-13.2.6/src/test/debian-jessie/debian/patches/series 2019-08-28 05:51:59.000000000 +0000 @@ -8,3 +8,4 @@ bug1832105.patch mgr-crash-fix-python3-invalid-syntax-problems.patch mgr-python-3-compat-fixes.patch +CVE-2019-10222.patch diff -Nru ceph-13.2.6/src/test/ubuntu-16.04/debian/changelog ceph-13.2.6/src/test/ubuntu-16.04/debian/changelog --- ceph-13.2.6/src/test/ubuntu-16.04/debian/changelog 2019-07-12 11:03:05.000000000 +0000 +++ ceph-13.2.6/src/test/ubuntu-16.04/debian/changelog 2019-08-28 06:02:16.000000000 +0000 @@ -1,3 +1,12 @@ +ceph (13.2.6-0ubuntu0.19.04.3) disco-security; urgency=medium + + * SECURITY UPDATE: RADOS gateway remote denial of service + - d/p/CVE-2019-10222.patch: rgw: asio: check the remote endpoint + before processing requests. + - CVE-2019-10222 + + -- Steve Beattie Tue, 27 Aug 2019 23:02:16 -0700 + ceph (13.2.6-0ubuntu0.19.04.2) disco; urgency=medium * d/p/bug1832105.patch: Cherry pick fix to avoid cython interpreter diff -Nru ceph-13.2.6/src/test/ubuntu-16.04/debian/patches/CVE-2019-10222.patch ceph-13.2.6/src/test/ubuntu-16.04/debian/patches/CVE-2019-10222.patch --- ceph-13.2.6/src/test/ubuntu-16.04/debian/patches/CVE-2019-10222.patch 1970-01-01 00:00:00.000000000 +0000 +++ ceph-13.2.6/src/test/ubuntu-16.04/debian/patches/CVE-2019-10222.patch 2019-08-28 06:01:36.000000000 +0000 @@ -0,0 +1,42 @@ +>From e57eb949aebee7ebc4c11e9ec1da969503ae10c8 Mon Sep 17 00:00:00 2001 +From: Abhishek Lekshmanan +Date: Wed, 7 Aug 2019 17:09:32 +0200 +Subject: [PATCH] rgw: asio: check the remote endpoint before processing + requests + +If a client disconnects after sending headers, then socket.remote_endpoint() +which ultimately calls getpeername syscall would throw an error corresponding to +ENOTCONN. Switch to the non throwing version of remote_endpoint call and return +when this is detected. + +Fixes: https://tracker.ceph.com/issues/40018 +Signed-off-by: Abhishek Lekshmanan +--- + src/rgw/rgw_asio_frontend.cc | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/rgw/rgw_asio_frontend.cc b/src/rgw/rgw_asio_frontend.cc +index d4ea4483e5..cd4c31e8f5 100644 +--- a/src/rgw/rgw_asio_frontend.cc ++++ b/src/rgw/rgw_asio_frontend.cc +@@ -146,9 +146,16 @@ void handle_connection(boost::asio::io_context& context, + RGWRequest req{env.store->get_new_req_id()}; + + auto& socket = stream.lowest_layer(); ++ const auto& remote_endpoint = socket.remote_endpoint(ec); ++ if (ec) { ++ ldout(cct, 1) << "failed to connect client: " << ec.message() << dendl; ++ return; ++ } ++ ++ + StreamIO real_client{stream, parser, buffer, is_ssl, + socket.local_endpoint(), +- socket.remote_endpoint()}; ++ remote_endpoint}; + + auto real_client_io = rgw::io::add_reordering( + rgw::io::add_buffering(cct, +-- +2.16.4 + diff -Nru ceph-13.2.6/src/test/ubuntu-16.04/debian/patches/series ceph-13.2.6/src/test/ubuntu-16.04/debian/patches/series --- ceph-13.2.6/src/test/ubuntu-16.04/debian/patches/series 2019-07-03 13:57:18.000000000 +0000 +++ ceph-13.2.6/src/test/ubuntu-16.04/debian/patches/series 2019-08-28 05:51:59.000000000 +0000 @@ -8,3 +8,4 @@ bug1832105.patch mgr-crash-fix-python3-invalid-syntax-problems.patch mgr-python-3-compat-fixes.patch +CVE-2019-10222.patch diff -Nru ceph-13.2.6/src/test/ubuntu-17.04/debian/changelog ceph-13.2.6/src/test/ubuntu-17.04/debian/changelog --- ceph-13.2.6/src/test/ubuntu-17.04/debian/changelog 2019-07-12 11:03:05.000000000 +0000 +++ ceph-13.2.6/src/test/ubuntu-17.04/debian/changelog 2019-08-28 06:02:16.000000000 +0000 @@ -1,3 +1,12 @@ +ceph (13.2.6-0ubuntu0.19.04.3) disco-security; urgency=medium + + * SECURITY UPDATE: RADOS gateway remote denial of service + - d/p/CVE-2019-10222.patch: rgw: asio: check the remote endpoint + before processing requests. + - CVE-2019-10222 + + -- Steve Beattie Tue, 27 Aug 2019 23:02:16 -0700 + ceph (13.2.6-0ubuntu0.19.04.2) disco; urgency=medium * d/p/bug1832105.patch: Cherry pick fix to avoid cython interpreter diff -Nru ceph-13.2.6/src/test/ubuntu-17.04/debian/patches/CVE-2019-10222.patch ceph-13.2.6/src/test/ubuntu-17.04/debian/patches/CVE-2019-10222.patch --- ceph-13.2.6/src/test/ubuntu-17.04/debian/patches/CVE-2019-10222.patch 1970-01-01 00:00:00.000000000 +0000 +++ ceph-13.2.6/src/test/ubuntu-17.04/debian/patches/CVE-2019-10222.patch 2019-08-28 06:01:36.000000000 +0000 @@ -0,0 +1,42 @@ +>From e57eb949aebee7ebc4c11e9ec1da969503ae10c8 Mon Sep 17 00:00:00 2001 +From: Abhishek Lekshmanan +Date: Wed, 7 Aug 2019 17:09:32 +0200 +Subject: [PATCH] rgw: asio: check the remote endpoint before processing + requests + +If a client disconnects after sending headers, then socket.remote_endpoint() +which ultimately calls getpeername syscall would throw an error corresponding to +ENOTCONN. Switch to the non throwing version of remote_endpoint call and return +when this is detected. + +Fixes: https://tracker.ceph.com/issues/40018 +Signed-off-by: Abhishek Lekshmanan +--- + src/rgw/rgw_asio_frontend.cc | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/rgw/rgw_asio_frontend.cc b/src/rgw/rgw_asio_frontend.cc +index d4ea4483e5..cd4c31e8f5 100644 +--- a/src/rgw/rgw_asio_frontend.cc ++++ b/src/rgw/rgw_asio_frontend.cc +@@ -146,9 +146,16 @@ void handle_connection(boost::asio::io_context& context, + RGWRequest req{env.store->get_new_req_id()}; + + auto& socket = stream.lowest_layer(); ++ const auto& remote_endpoint = socket.remote_endpoint(ec); ++ if (ec) { ++ ldout(cct, 1) << "failed to connect client: " << ec.message() << dendl; ++ return; ++ } ++ ++ + StreamIO real_client{stream, parser, buffer, is_ssl, + socket.local_endpoint(), +- socket.remote_endpoint()}; ++ remote_endpoint}; + + auto real_client_io = rgw::io::add_reordering( + rgw::io::add_buffering(cct, +-- +2.16.4 + diff -Nru ceph-13.2.6/src/test/ubuntu-17.04/debian/patches/series ceph-13.2.6/src/test/ubuntu-17.04/debian/patches/series --- ceph-13.2.6/src/test/ubuntu-17.04/debian/patches/series 2019-07-03 13:57:18.000000000 +0000 +++ ceph-13.2.6/src/test/ubuntu-17.04/debian/patches/series 2019-08-28 05:51:59.000000000 +0000 @@ -8,3 +8,4 @@ bug1832105.patch mgr-crash-fix-python3-invalid-syntax-problems.patch mgr-python-3-compat-fixes.patch +CVE-2019-10222.patch