Check if HTTP_X_AMZ_COPY_SOURCE header is empty

Suyashd999 · Suyashd999 · commit bef59f17293e · 2025-09-25T15:21:03.000+05:30
The issue was that the `HTTP_X_AMZ_COPY_SOURCE` header could be present but empty (i.e., an empty string rather than NULL). The code only checked if the pointer was not NULL, but didn't verify that the string had content. When an empty string was passed to RGWCopyObj::parse_copy_location(), it would eventually try to access name_str[0] on an empty string, causing a crash. Fixes: https://tracker.ceph.com/issues/72669 Signed-off-by: Suyash Dongre <suyashd999@gmail.com>
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
@@ -5426,6 +5426,9 @@ bool RGWCopyObj::parse_copy_location(const std::string_view& url_src,
     params_str = url_src.substr(pos + 1);
   }
 
+  if (name_str.empty()) {
+    return false;
+  }
   if (name_str[0] == '/') // trim leading slash
     name_str.remove_prefix(1);
 

Original file line number	Diff line number	Diff line change
`@@ -5426,6 +5426,9 @@ bool RGWCopyObj::parse_copy_location(const std::string_view& url_src,`
`5426`	`5426`	`params_str = url_src.substr(pos + 1);`
`5427`	`5427`	`}`
`5428`	`5428`
	`5429`	`+ if (name_str.empty()) {`
	`5430`	`+ return false;`
	`5431`	`+ }`
`5429`	`5432`	`if (name_str[0] == '/') // trim leading slash`
`5430`	`5433`	`name_str.remove_prefix(1);`
`5431`	`5434`