34 lines
1.2 KiB
Diff
34 lines
1.2 KiB
Diff
From d543770ca4c0ae6a9882cb5796298d9240f42e6f Mon Sep 17 00:00:00 2001
|
|
From: wangzengliang1 <wangzengliang2@huawei.com>
|
|
Date: Mon, 20 Jan 2025 11:05:26 +0800
|
|
Subject: [PATCH] cve-2024-48916
|
|
copyed-by: https://github.com/ceph/ceph/pull/60624
|
|
while authenticating AssumeRoleWithWebIdentity using JWT obtained
|
|
from an external IDP.
|
|
|
|
fixes: https://tracker.ceph.com/issues/68836
|
|
Signed-off-by Pritha Srivastava <prsrivas@redhat.com>
|
|
---
|
|
src/rgw/rgw_rest_sts.cc | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/src/rgw/rgw_rest_sts.cc b/src/rgw/rgw_rest_sts.cc
|
|
index af1b96c..9c24c68 100644
|
|
--- a/src/rgw/rgw_rest_sts.cc
|
|
+++ b/src/rgw/rgw_rest_sts.cc
|
|
@@ -291,7 +291,11 @@ WebTokenEngine::validate_signature(const DoutPrefixProvider* dpp, const jwt::dec
|
|
.allow_algorithm(jwt::algorithm::ps512{cert});
|
|
|
|
verifier.verify(decoded);
|
|
+ } else {
|
|
+ ldpp_dout(dpp, 0) << "Unsupported algorithm: " << algorithm << dendl;
|
|
+ throw -EINVAL;
|
|
}
|
|
+
|
|
} catch (std::runtime_error& e) {
|
|
ldpp_dout(dpp, 0) << "Signature validation failed: " << e.what() << dendl;
|
|
throw;
|
|
--
|
|
1.8.3.1
|
|
|