[AutoPR- Security] Patch ceph for CVE-2024-47866 [MEDIUM] (microsoft#15093)

azurelinux-security · web-flow · commit 21fec47dc649 · 2025-11-17T14:44:05.000+05:30
diff --git a/SPECS/ceph/CVE-2024-47866.patch b/SPECS/ceph/CVE-2024-47866.patch
@@ -0,0 +1,33 @@
+From 9d2825f03bb094836052de8c35666e7a720c1f28 Mon Sep 17 00:00:00 2001
+From: Suyash Dongre <suyashd999@gmail.com>
+Date: Wed, 20 Aug 2025 23:22:41 +0530
+Subject: [PATCH] Check if `HTTP_X_AMZ_COPY_SOURCE` header is empty
+
+The issue was that the `HTTP_X_AMZ_COPY_SOURCE` header could be present but empty (i.e., an empty string rather than NULL). The  code only checked if the pointer was not NULL, but didn't verify that the string had content. When an empty string was passed to RGWCopyObj::parse_copy_location(), it would eventually try to access name_str[0] on an empty string, causing a crash.
+
+Fixes: https://tracker.ceph.com/issues/72669
+
+Signed-off-by: Suyash Dongre <suyashd999@gmail.com>
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://patch-diff.githubusercontent.com/raw/ceph/ceph/pull/65159.patch
+---
+ src/rgw/rgw_op.cc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
+index 655f057..0287e67 100644
+--- a/src/rgw/rgw_op.cc
++++ b/src/rgw/rgw_op.cc
+@@ -4977,6 +4977,9 @@ bool RGWCopyObj::parse_copy_location(const std::string_view& url_src,
+     params_str = url_src.substr(pos + 1);
+   }
+ 
++  if (name_str.empty()) {
++    return false;
++  }
+   if (name_str[0] == '/') // trim leading slash
+     name_str.remove_prefix(1);
+ 
+-- 
+2.45.4
+
diff --git a/SPECS/ceph/ceph.spec b/SPECS/ceph/ceph.spec
@@ -5,7 +5,7 @@
 Summary:        User space components of the Ceph file system
 Name:           ceph
 Version:        16.2.10
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        LGPLv2 and LGPLv3 and CC-BY-SA and GPLv2 and Boost and BSD and MIT and Public Domain and GPLv3 and ASL-2.0
 URL:            https://ceph.io/
 Vendor:         Microsoft Corporation
@@ -21,6 +21,7 @@ Patch6:		CVE-2025-1744.patch
 Patch7:         CVE-2025-52939.patch
 Patch8:         CVE-2024-48916.patch
 Patch9:         CVE-2025-9648.patch
+Patch10:        CVE-2024-47866.patch
 # 
 # Copyright (C) 2004-2019 The Ceph Project Developers. See COPYING file
 # at the top-level directory of this distribution and at
@@ -1814,6 +1815,9 @@ exit 0
 %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml
 
 %changelog
+* Fri Nov 14 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 16.2.10-11
+- Patch for CVE-2024-47866
+
 * Fri Oct 03 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 16.2.10-10
 - Patch for CVE-2025-9648
 
