Before patch:
```
vagrant@vagrant:~/swift$ swift-init restart proxy
Signal proxy-server pid: 223087 signal: Signals.SIGTERM
Signal proxy-server pid: 223088 signal: Signals.SIGTERM
proxy-server (223088) appears to have stopped
proxy-server (223087) appears to have stopped
WARNING: Unable to modify max process limit. Running as non-root?
Starting proxy-server...(/etc/swift/proxy-server/proxy-noauth.conf.d)
Starting proxy-server...(/etc/swift/proxy-server/proxy-server.conf.d)
After patch:
```
vagrant@vagrant:~/swift$ swift-init restart proxy
Signal proxy-server pid: 223110 signal: Signals.SIGTERM
Signal proxy-server pid: 223111 signal: Signals.SIGTERM
proxy-server (223110) appears to have stopped
proxy-server (223111) appears to have stopped
WARNING: Unable to modify max process limit. Running as non-root?
Starting proxy-server...(/etc/swift/proxy-server/proxy-noauth.conf.d)
Starting proxy-server...(/etc/swift/proxy-server/proxy-server.conf.d)
Checked new version of patch attached here https:/ /bugs.launchpad .net/swift/ +bug/1998625/ comments/ 23, looks ok.
Before patch: vagrant: ~/swift$ swift-init restart proxy ..(/etc/ swift/proxy- server/ proxy-noauth. conf.d) ..(/etc/ swift/proxy- server/ proxy-server. conf.d)
```
vagrant@
Signal proxy-server pid: 223087 signal: Signals.SIGTERM
Signal proxy-server pid: 223088 signal: Signals.SIGTERM
proxy-server (223088) appears to have stopped
proxy-server (223087) appears to have stopped
WARNING: Unable to modify max process limit. Running as non-root?
Starting proxy-server.
Starting proxy-server.
vagrant@ vagrant: ~/swift$ curl 'http:// saio3:8080/ my-bucket? acl=' -X PUT -H "Host: saio3:8080" -H "Content-Type: application/ x-www-form- urlencoded; charset=utf-8" -H "X-Amz- Content- Sha256: 4fd507f2889d8d4 2ee3e03fb208607 48c0e5921dc3456 76d85fae0cc5891 dfdf" -H "X-Amz-Date: 20230113T123756Z" -H "Authorization: AWS4-HMAC-SHA256 Credential= test:tester/ 20230113/ us-east- 1/s3/aws4_ request, SignedHeaders= content- length; content- type;host; x-amz-content- sha256; x-amz-date, Signature= 054202b4db5e2d6 e047f7abc696455 5bb36538a265399 bfdcff13bbe32c1 e95b" --data-binary '<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:/ //etc/hostname" > ]> olicy xmlns="http:// s3.amazonaws. com/doc/ 2006-03- 01/"> e>test: tester< /DisplayName> test:tester< /ID> www.w3. org/2001/ XMLSchema- instance" xsi:type= "CanonicalUser" >
<DisplayNa me>foo &xxe;</DisplayName>
<Permission> WRITE</ Permission> List> Policy> '
<AccessControlP
<Owner>
<DisplayNam
<ID>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://
<ID>foo &xxe;</ID>
</Grantee>
</Grant>
</AccessControl
</AccessControl
vagrant@ vagrant: ~/swift$ aws s3api get-bucket-acl --bucket my-bucket
"DisplayName" : "test:tester",
"Grantee" : {
"DisplayName" : "foo vagrant\n",
"ID": "foo vagrant\n",
"Type" : "CanonicalUser"
"Permissio n": "WRITE"
{
"Owner": {
"ID": "test:tester"
},
"Grants": [
{
},
}
]
}
```
After patch: vagrant: ~/swift$ swift-init restart proxy ..(/etc/ swift/proxy- server/ proxy-noauth. conf.d) ..(/etc/ swift/proxy- server/ proxy-server. conf.d)
```
vagrant@
Signal proxy-server pid: 223110 signal: Signals.SIGTERM
Signal proxy-server pid: 223111 signal: Signals.SIGTERM
proxy-server (223110) appears to have stopped
proxy-server (223111) appears to have stopped
WARNING: Unable to modify max process limit. Running as non-root?
Starting proxy-server.
Starting proxy-server.
vagrant@ vagrant: ~/swift$ curl 'http:// saio3:8080/ my-bucket? acl=' -X PUT -H "Host: saio3:8080" -H "Content-Type: application/ x-www-form- urlencoded; charset=utf-8" -H "X-Amz- Content- Sha256: 4fd507f2889d8d4 2ee3e03fb208607 48c0e5921dc3456 76d85fae0cc5891 dfdf" -H "X-Amz-Date: 20230113T123756Z" -H "Authorization: AWS4-HMAC-SHA256 Credential= test:tester/ 20230113/ us-east- 1/s3/aws4_ request, SignedHeaders= content- length; content- type;host; x-amz-content- sha256; x-amz-date, Signature= 054202b4db5e2d6 e047f7abc696455 5bb36538a265399 bfdcff13bbe32c1 e95b" --data-binary '<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:/ //etc/hostname" > ]> olicy xmlns="http:// s3.amazonaws. com/doc/ 2006-03- 01/"> e>test: tester< /DisplayName> test:tester< /ID> www.w3. org/2001/ XMLSchema- instance" xsi:type= "CanonicalUser" >
<DisplayNa me>foo &xxe;</DisplayName>
<Permission> WRITE</ Permission> List> Policy> '
<AccessControlP
<Owner>
<DisplayNam
<ID>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://
<ID>foo &xxe;</ID>
</Grantee>
</Grant>
</AccessControl
</AccessControl
vagrant@ vagrant: ~/swift$ aws s3api get-bucket-acl --bucket my-bucket
"DisplayName" : "test:tester",
"Grantee" : {
"DisplayName" : "foo ",
"ID": "foo ",
"Type" : "CanonicalUser"
"Permissio n": "WRITE"
{
"Owner": {
"ID": "test:tester"
},
"Grants": [
{
},
}
]
}
```
Checked the unit tests fail if fix is reverted.
Unable to confirm the functional test due to something awry with boto on my vsaio (not specific to the new functional test).