Activity log for bug #1762997

Date Who What changed Old value New value Message
2018-04-11 10:57:42 Christopher Bartz bug added bug
2018-04-11 11:01:34 Christopher Bartz description

Old value:

It is possible to create a DLO Manifest with a segments container containing a question mark inside. E.g.

    curl -XPUT ... -H"x-object-manifest: a%3Fcontainer/prefix"

But if this DLO Object should be retrieved (GET or HEAD), a 404 (or incorrect 2xx) is returned.

The reason lies in the DLO Middleware: It unquotes the container [1], but does not quote it again when doing the container listing [2]. Thus the internal container listing request looks like this in the proxy log:

    Apr 11 12:24:21 swift proxy-server: - - 11/Apr/2018/10/24/21 GET /v1/AUTH_account/a%3Fformat%3Djson%26prefix%3Dprefix HTTP/1.0 404

(be aware that the log line is quoted again)

This means the container listing is done on the container called "a" and not "a?container". If this container does not exist, a 404 is returned. If the container does exist, an incorrect 2xx response would be returned.

[1] https://github.com/openstack/swift/blob/master/swift/common/middleware/dlo.py#L233
[2] https://github.com/openstack/swift/blob/master/swift/common/middleware/dlo.py#L147

New value:

It is possible to create a DLO Manifest with a segments container containing a question mark inside. E.g.

    curl -XPUT ... -H"x-object-manifest: a%3Fcontainer/prefix"

But if this DLO Object should be retrieved (GET or HEAD), a 404 (or incorrect 2xx) is returned.

The reason lies in the DLO Middleware: It unquotes the container [1], but does not quote it again when doing the container listing [2]. Because the path now contains a '?', the '?' is used as the path/query separator, and everything after the '?' is cut off. Thus the internal container listing request looks like this in the proxy log:

    Apr 11 12:24:21 swift proxy-server: - - 11/Apr/2018/10/24/21 GET /v1/AUTH_account/a%3Fformat%3Djson%26prefix%3Dprefix HTTP/1.0 404

(be aware that the log line is quoted again)

This means the container listing is done on the container called "a" and not "a?container". If this container does not exist, a 404 is returned. If the container does exist, an incorrect 2xx response would be returned.

[1] https://github.com/openstack/swift/blob/master/swift/common/middleware/dlo.py#L233
[2] https://github.com/openstack/swift/blob/master/swift/common/middleware/dlo.py#L147
2018-04-11 11:58:56 Christopher Bartz summary

Old value: dlo does not work when segments container contains a '?'

New value: DLO GET/HEAD does not work if manifest value contains a '?'
2018-04-11 12:03:48 Christopher Bartz description

Old value:

It is possible to create a DLO Manifest with a segments container containing a question mark inside. E.g.

    curl -XPUT ... -H"x-object-manifest: a%3Fcontainer/prefix"

But if this DLO Object should be retrieved (GET or HEAD), a 404 (or incorrect 2xx) is returned.

The reason lies in the DLO Middleware: It unquotes the container [1], but does not quote it again when doing the container listing [2]. Because the path now contains a '?', the '?' is used as the path/query separator, and everything after the '?' is cut off. Thus the internal container listing request looks like this in the proxy log:

    Apr 11 12:24:21 swift proxy-server: - - 11/Apr/2018/10/24/21 GET /v1/AUTH_account/a%3Fformat%3Djson%26prefix%3Dprefix HTTP/1.0 404

(be aware that the log line is quoted again)

This means the container listing is done on the container called "a" and not "a?container". If this container does not exist, a 404 is returned. If the container does exist, an incorrect 2xx response would be returned.

[1] https://github.com/openstack/swift/blob/master/swift/common/middleware/dlo.py#L233
[2] https://github.com/openstack/swift/blob/master/swift/common/middleware/dlo.py#L147

New value:

It is possible to create a DLO Manifest with a segments container containing a question mark inside. E.g.

    curl -XPUT ... -H"x-object-manifest: a%3Fcontainer/prefix"

But if this DLO Object should be retrieved (GET or HEAD), a 404 (or incorrect 2xx) is returned.

The reason lies in the DLO Middleware: It unquotes the container [1], but does not quote it again when doing the container listing [2]. Because the path now contains a '?', the '?' is used as the path/query separator, and everything after the '?' is cut off. Thus the internal container listing request looks like this in the proxy log:

    Apr 11 12:24:21 swift proxy-server: - - 11/Apr/2018/10/24/21 GET /v1/AUTH_account/a%3Fformat%3Djson%26prefix%3Dprefix HTTP/1.0 404

(be aware that the log line is quoted again)

This means the container listing is done on the container called "a" and not "a?container". If this container does not exist, a 404 is returned. If the container does exist, an incorrect 2xx response would be returned.

A similar problem arises if the object prefix contains a '?'. Traceback in this case:

    Apr 11 13:54:20 swift proxy-server: - - 11/Apr/2018/11/54/20 GET /v1/AUTH_account/test_segments/serv%3F.json/1523441992.908/0%3Fmultipart-manifest%3Dget HTTP/1.0 499 - - 70 - tx5157e02bd5ab4e6fa345a-005acdf76c - 0.0202 DLO - 1523447660.865747929 1523447660.885992050 0
    Apr 11 13:54:20 swift proxy-server: ERROR: An error occurred while retrieving segments: #012Traceback (most recent call last):#012 File "/usr/lib/python2.7/site-packages/swift/common/request_helpers.py", line 442, in _internal_iter#012 (self.name, seg_resp.status_int, seg_req.path))#012SegmentError: ERROR: While processing manifest /v1/AUTH_account/test/serv%3F.json, got 404 while retrieving /v1/AUTH_account/test_segments/serv (txn: tx5157e02bd5ab4e6fa345a-005acdf76c)

[1] https://github.com/openstack/swift/blob/master/swift/common/middleware/dlo.py#L233-L234
[2] https://github.com/openstack/swift/blob/master/swift/common/middleware/dlo.py#L147
2018-04-12 09:32:03 Christopher Bartz description

Old value:

It is possible to create a DLO Manifest with a segments container containing a question mark inside. E.g.

    curl -XPUT ... -H"x-object-manifest: a%3Fcontainer/prefix"

But if this DLO Object should be retrieved (GET or HEAD), a 404 (or incorrect 2xx) is returned.

The reason lies in the DLO Middleware: It unquotes the container [1], but does not quote it again when doing the container listing [2]. Because the path now contains a '?', the '?' is used as the path/query separator, and everything after the '?' is cut off. Thus the internal container listing request looks like this in the proxy log:

    Apr 11 12:24:21 swift proxy-server: - - 11/Apr/2018/10/24/21 GET /v1/AUTH_account/a%3Fformat%3Djson%26prefix%3Dprefix HTTP/1.0 404

(be aware that the log line is quoted again)

This means the container listing is done on the container called "a" and not "a?container". If this container does not exist, a 404 is returned. If the container does exist, an incorrect 2xx response would be returned.

A similar problem arises if the object prefix contains a '?'. Traceback in this case:

    Apr 11 13:54:20 swift proxy-server: - - 11/Apr/2018/11/54/20 GET /v1/AUTH_account/test_segments/serv%3F.json/1523441992.908/0%3Fmultipart-manifest%3Dget HTTP/1.0 499 - - 70 - tx5157e02bd5ab4e6fa345a-005acdf76c - 0.0202 DLO - 1523447660.865747929 1523447660.885992050 0
    Apr 11 13:54:20 swift proxy-server: ERROR: An error occurred while retrieving segments: #012Traceback (most recent call last):#012 File "/usr/lib/python2.7/site-packages/swift/common/request_helpers.py", line 442, in _internal_iter#012 (self.name, seg_resp.status_int, seg_req.path))#012SegmentError: ERROR: While processing manifest /v1/AUTH_account/test/serv%3F.json, got 404 while retrieving /v1/AUTH_account/test_segments/serv (txn: tx5157e02bd5ab4e6fa345a-005acdf76c)

[1] https://github.com/openstack/swift/blob/master/swift/common/middleware/dlo.py#L233-L234
[2] https://github.com/openstack/swift/blob/master/swift/common/middleware/dlo.py#L147

New value:

It is possible to create a DLO Manifest with a segments container containing a question mark inside. E.g.

    curl -XPUT ... -H"x-object-manifest: a%3Fcontainer/prefix"

But if this DLO Object should be retrieved (GET or HEAD), a 404 (or incorrect 2xx) is returned.

The reason lies in the DLO Middleware: It unquotes the container [1], but does not quote it again when doing the container listing [2]. Because the path now contains a '?', the '?' is used as the path/query separator, and everything after the '?' is cut off. Thus the internal container listing request looks like this in the proxy log:

    Apr 11 12:24:21 swift proxy-server: - - 11/Apr/2018/10/24/21 GET /v1/AUTH_account/a%3Fformat%3Djson%26prefix%3Dprefix HTTP/1.0 404

(be aware that the log line is quoted again)

This means the container listing is done on the container called "a" and not "a?container". If this container does not exist, a 404 is returned. If the container does exist, an incorrect 2xx response would be returned.

A similar problem arises if the object prefix contains a '?' and a GET is performed. A 409 conflict is returned (if filesize > 0) and the traceback looks like:

    Apr 11 13:54:20 swift proxy-server: - - 11/Apr/2018/11/54/20 GET /v1/AUTH_account/test_segments/serv%3F.json/1523441992.908/0%3Fmultipart-manifest%3Dget HTTP/1.0 499 - - 70 - tx5157e02bd5ab4e6fa345a-005acdf76c - 0.0202 DLO - 1523447660.865747929 1523447660.885992050 0
    Apr 11 13:54:20 swift proxy-server: ERROR: An error occurred while retrieving segments: #012Traceback (most recent call last):#012 File "/usr/lib/python2.7/site-packages/swift/common/request_helpers.py", line 442, in _internal_iter#012 (self.name, seg_resp.status_int, seg_req.path))#012SegmentError: ERROR: While processing manifest /v1/AUTH_account/test/serv%3F.json, got 404 while retrieving /v1/AUTH_account/test_segments/serv (txn: tx5157e02bd5ab4e6fa345a-005acdf76c)

[1] https://github.com/openstack/swift/blob/master/swift/common/middleware/dlo.py#L233-L234
[2] https://github.com/openstack/swift/blob/master/swift/common/middleware/dlo.py#L147
2018-04-12 17:19:35 Tim Burke swift: status New Confirmed
2019-03-21 16:41:46 OpenStack Infra swift: status Confirmed Fix Released
2019-03-28 21:12:47 OpenStack Infra tags in-feature-losf
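
The unquote-without-requote failure described in the bug description above, reproduced with the Python standard library as an added example. This is not Swift's dlo.py code: the helper names parse_manifest, internal_path and as_parsed are hypothetical, and the account, container and object names are taken from the report's log lines.

```python
"""Added example: an unquoted '?' in a manifest value truncates the request path."""
from urllib.parse import quote, unquote, urlsplit

ACCOUNT = "AUTH_account"  # account name as it appears in the report's log lines


def parse_manifest(value):
    """Unquote an X-Object-Manifest value and split it into (container, prefix)."""
    container, _, prefix = unquote(value).partition("/")
    return container, prefix


def internal_path(container, obj=None, requote=True):
    """Build the path of an internal container-listing or segment request.

    requote=False models the reported behaviour: the unquoted names go
    straight into the path. requote=True percent-encodes each name first.
    """
    names = [container] if obj is None else [container, obj]
    if requote:
        names = [quote(n) for n in names]  # '?' becomes %3F, '/' is kept
    return "/".join(["", "v1", ACCOUNT] + names)


def as_parsed(target):
    """Return (decoded path, query) as a request-target parser sees them.

    The first raw '?' ends the path; everything after it is the query.
    """
    parts = urlsplit(target)
    return unquote(parts.path), parts.query


if __name__ == "__main__":
    container, prefix = parse_manifest("a%3Fcontainer/prefix")
    segment = "serv?.json/1523441992.908/0"  # object name from the report's log
    for requote in (False, True):
        listing = internal_path(container, requote=requote)
        seg = internal_path("test_segments", segment, requote=requote)
        print("requote=%s" % requote)
        print("  listing:", listing, "->", as_parsed(listing))
        print("  segment:", seg, "->", as_parsed(seg))
```

With requote=False the listing resolves to container "a" and the segment request to ".../test_segments/serv", the same path reported in the SegmentError line; with requote=True both names survive intact.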