The fix attached to https://bugs.launchpad.net/swift/+bug/1998625/comments/13 seems to prevent the bad request being accepted but I get an InternalServer error:

```
vagrant@vagrant:~$ curl 'http://saio3:8080/my-bucket?acl=' -X PUT -H "Host: saio3:8080" -H "Content-Type: application/x-www-form-urlencoded; charset=utf-8" -H "X-Amz-Content-Sha256: cfef77034aa96b13190894b26347367d4e95bc3aa2212f467eaae66c75250510" -H "X-Amz-Date: 20221220T193239Z" -H "Authorization: AWS4-HMAC-SHA256 Credential=test:tester/20221220/us-east-1/s3/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-content-sha256;x-amz-date, Signature=660efe254e6d3210293e778718b5391ca831e2c814c8ec1ebb9300d004430d78" --data-binary '<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/hostname"> ]>
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner>
    <DisplayName>test:tester</DisplayName>
    <ID>test:tester</ID>
</Owner>
<AccessControlList>
    <Grant>
        <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
            <DisplayName>&xxe;</DisplayName>
            <ID>&xxe;</ID>
        </Grantee>
        <Permission>WRITE</Permission>
    </Grant>
</AccessControlList>
</AccessControlPolicy>'
<?xml version='1.0' encoding='UTF-8'?>
<Error><Code>InternalError</Code><Message>We encountered an internal error. Please try again.</Message><RequestId>tx9ad37d73d7c542c7b8ca0-0063a20f21</RequestId><Reason>__str__ returned non-string (type NoneType)</Reason></Error>
```

I fixed that with this change (but I am new to this code so not sure this is sufficient or appropriate):

```
diff --git a/swift/common/middleware/s3api/subresource.py b/swift/common/middleware/s3api/subresource.py
index 1aa47b4b2..cb7f2c7b5 100644
--- a/swift/common/middleware/s3api/subresource.py
+++ b/swift/common/middleware/s3api/subresource.py
@@ -167,6 +167,8 @@ class Grantee(object):
         type = elem.get('{%s}type' % XMLNS_XSI)
         if type == 'CanonicalUser':
             value = elem.find('./ID').text
+            if not value:
+                raise MalformedACLError()
             return User(value)
         elif type == 'Group':
             value = elem.find('./URI').text
```

resulting in:

```
vagrant@vagrant:~$ curl 'http://saio3:8080/my-bucket?acl=' -X PUT -H "Host: saio3:8080" -H "Content-Type: application/x-www-form-urlencoded; charset=utf-8" -H "X-Amz-Content-Sha256: cfef77034aa96b13190894b26347367d4e95bc3aa2212f467eaae66c75250510" -H "X-Amz-Date: 20221220T193239Z" -H "Authorization: AWS4-HMAC-SHA256 Credential=test:tester/20221220/us-east-1/s3/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-content-sha256;x-amz-date, Signature=660efe254e6d3210293e778718b5391ca831e2c814c8ec1ebb9300d004430d78" --data-binary '<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/hostname"> ]>
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner>
    <DisplayName>test:tester</DisplayName>
    <ID>test:tester</ID>
</Owner>
<AccessControlList>
    <Grant>
        <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
            <DisplayName>&xxe;</DisplayName>
            <ID>&xxe;</ID>
        </Grantee>
        <Permission>WRITE</Permission>
    </Grant>
</AccessControlList>
</AccessControlPolicy>'
<?xml version='1.0' encoding='UTF-8'?>
<Error><Code>MalformedACLError</Code><Message>The XML you provided was not well-formed or did not validate against our published schema.</Message><RequestId>tx985d10197d15433489726-0063a20faf</RequestId></Error>
```