Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch ceph for CVE-2024-47866 [HIGH] - branch 3.0-dev" microsoft#15127

Co-authored-by: Azure Linux Security Servicing Account <[email protected]>
Co-authored-by: Kanishk Bansal <[email protected]>

Author: 3 people

SPECS/ceph/CVE-2024-47866.patch

@@ -0,0 +1,33 @@
+From a22a0dbb1d46322007ac4b4e87854ba2ccc8335a Mon Sep 17 00:00:00 2001
+From: Suyash Dongre <[email protected]>
+Date: Wed, 20 Aug 2025 23:22:41 +0530
+Subject: [PATCH] Check if `HTTP_X_AMZ_COPY_SOURCE` header is empty
+
+The issue was that the `HTTP_X_AMZ_COPY_SOURCE` header could be present but empty (i.e., an empty string rather than NULL). The  code only checked if the pointer was not NULL, but didn't verify that the string had content. When an empty string was passed to RGWCopyObj::parse_copy_location(), it would eventually try to access name_str[0] on an empty string, causing a crash.
+
+Fixes: https://tracker.ceph.com/issues/72669
+
+Signed-off-by: Suyash Dongre <[email protected]>
+Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
+Upstream-reference: https://patch-diff.githubusercontent.com/raw/ceph/ceph/pull/65159.patch
+---
+ src/rgw/rgw_op.cc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
+index 71fb198..68f74b7 100644
+--- a/src/rgw/rgw_op.cc
++++ b/src/rgw/rgw_op.cc
+@@ -5240,6 +5240,9 @@ bool RGWCopyObj::parse_copy_location(const std::string_view& url_src,
+     params_str = url_src.substr(pos + 1);
+   }
+ 
++  if (name_str.empty()) {
++    return false;
++  }
+   if (name_str[0] == '/') // trim leading slash
+     name_str.remove_prefix(1);
+ 
+-- 
+2.45.4
+

SPECS/ceph/ceph.spec

@@ -5,7 +5,7 @@
 Summary:        User space components of the Ceph file system
 Name:           ceph
 Version:        18.2.2
-Release:        11%{?dist}
+Release:        12%{?dist}
 License:        LGPLv2 and LGPLv3 and CC-BY-SA and GPLv2 and Boost and BSD and MIT and Public Domain and GPLv3 and ASL-2.0
 URL:            https://ceph.io/
 Vendor:         Microsoft Corporation
@@ -31,6 +31,7 @@ Patch16:        CVE-2020-14378.patch
 Patch17:        CVE-2025-52555.patch
 Patch18:        CVE-2024-48916.patch
 Patch19:        CVE-2025-9648.patch
+Patch20:        CVE-2024-47866.patch
 #
 # Copyright (C) 2004-2019 The Ceph Project Developers. See COPYING file
 # at the top-level directory of this distribution and at
@@ -2021,6 +2022,9 @@ exit 0
 %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml
 
 %changelog
+* Thu Nov 13 2025 Azure Linux Security Servicing Account <[email protected]> - 18.2.2-12
+- Patch for CVE-2024-47866
+
 * Fri Oct 03 2025 Azure Linux Security Servicing Account <[email protected]> - 18.2.2-11
 - Patch for CVE-2025-9648
 
@@ -2030,7 +2034,7 @@ exit 0
 * Tue Jul 01 2025 Azure Linux Security Servicing Account <[email protected]> - 18.2.2-9
 - Patch for CVE-2025-52555
 
-* Wed 16 Apr 2025 Archana Shettigar <[email protected]> - 18.2.2-8
+* Wed Apr 16 2025 Archana Shettigar <[email protected]> - 18.2.2-8
 - Patch CVE-2020-14378
 
 * Thu Apr 10 2025 Kanishk Bansal <[email protected]> - 18.2.2-7