Large X-Delete-At values cause object-server to 500
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
Fix Released
|
High
|
Unassigned |
Bug Description
So you can create objects with X-Delete-At timestamps in the far future:
$ curl -v http://
* Trying 127.0.1.1...
* TCP_NODELAY set
* Connected to saio (127.0.1.1) port 8090 (#0)
> PUT /v1/AUTH_test/c/o HTTP/1.1
> Host: saio:8090
> User-Agent: curl/7.58.0
> Accept: */*
> x-delete-
> Content-Length: 4
> Content-Type: application/
>
* upload completely sent off: 4 out of 4 bytes
< HTTP/1.1 201 Created
< Content-Type: text/html; charset=UTF-8
< Content-Length: 0
< Etag: 81dc9bdb52d04dc
< Last-Modified: Fri, 17 Jan 2020 15:51:01 GMT
< X-Trans-Id: txb9beeddcc9714
< X-Openstack-
< Date: Fri, 17 Jan 2020 15:51:01 GMT
<
* Connection #0 to host saio left intact
This might happen if you've got a JavaScript client accidentally using milliseconds instead of seconds, for example. But then you can't GET the data!
$ curl -v http://
* Trying 127.0.1.1...
* TCP_NODELAY set
* Connected to saio (127.0.1.1) port 8090 (#0)
> GET /v1/AUTH_test/c/o HTTP/1.1
> Host: saio:8090
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 503 Service Unavailable
< Content-Type: text/html; charset=UTF-8
< Content-Length: 118
< X-Trans-Id: txfa97de0ed5664
< X-Openstack-
< Date: Fri, 17 Jan 2020 15:51:13 GMT
<
* Connection #0 to host saio left intact
<html><h1>Service Unavailable<
Object-server logs show
Jan 17 15:56:20 saio object-6040: ERROR __call__ error with GET /sdb4/312/
Traceback (most recent call last):
File "/vagrant/
res = getattr(self, req.method)(req)
File "/vagrant/
resp = func(ctrl, *args, **kwargs)
File "/vagrant/
with disk_file.
File "/vagrant/
current_
File "/vagrant/
self.
File "/vagrant/
if x_delete_at <= current_time and not self._open_expired:
File "/usr/lib/
op_result = self.__lt__(other)
File "/vagrant/
other = Timestamp(other)
File "/vagrant/
raise ValueError(
ValueError: timestamp too large (txn: txbc10a8f255df4
Similar things happen if you try to overwrite it with a PUT, update the expiration time with a POST, or even just DELETE the damn thing! (Exact tracebacks may vary, of course). Since we've seen this in the wild [0][1], the fix ought to have two parts:
1. Stop tripping exceptions when working with existing data that has a bad x-delete-at timestamp.
2. Stop allowing new PUTs and POSTs with such large x-delete-at timestamps; it almost certainly means there's a client bug.
[0] http://
[1] https:/
Changed in swift: | |
importance: | Undecided → High |
Reviewed: https:/ /review. opendev. org/702950 /git.openstack. org/cgit/ openstack/ swift/commit/ ?id=57ca3570e91 1bd290ce0e44bde baa4b5b4ceca13
Committed: https:/
Submitter: Zuul
Branch: master
commit 57ca3570e911bd2 90ce0e44bdebaa4 b5b4ceca13
Author: Tim Burke <email address hidden>
Date: Thu Jan 16 10:07:33 2020 -0800
Allow Timestamp comparisons against out-of-range values
Prior to the related change, clients may have written down X-Delete-At headers
that are outside of the Timestamp range, for example.
Change-Id: Ib8ae7ebcbdb32e 0aa58446bd1ef94 9e5e2f63e74 29eaf9bfe54bd08 6c320b3429e
Related-Change: I23666ec8a067d8
Related-Bug: 1821204
Partial-Bug: 1860149