From 257282d2be06a67f3292fd7e3ceb5002d9e3e150 Mon Sep 17 00:00:00 2001
From: lizhipeng
Date: Sun, 28 Sep 2025 09:22:43 +0800
Subject: [PATCH] fix CVE-2023-43040
Signed-off-by: lizhipeng
---
 0019-Fix-CVE-2023-43040.patch | 41 +++++++++++++++++++++++++++++++++++
 ceph.spec | 6 ++++-
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 0019-Fix-CVE-2023-43040.patch
diff --git a/0019-Fix-CVE-2023-43040.patch b/0019-Fix-CVE-2023-43040.patch
new file mode 100644
index 0000000..4520bf7
--- /dev/null
+++ b/0019-Fix-CVE-2023-43040.patch
@@ -0,0 +1,41 @@
+From ed97f95b6608fb11703b18d38b6690ee8b3dbcd6 Mon Sep 17 00:00:00 2001
+From: wangzengliang
+Date: Mon, 9 Oct 2023 10:50:45 +0800
+Subject: [PATCH] fix CVE-2023-43040
+
+Fixes: https://tracker.ceph.com/issues/63004
+copied-by: https://github.com/ceph/ceph/pull/53758
+signed-off-by: Joshua Baergen
+---
+ src/rgw/rgw_rest_s3.cc | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
+index 2247c20dd..d06feddd0 100644
+--- a/src/rgw/rgw_rest_s3.cc
++++ b/src/rgw/rgw_rest_s3.cc
+@@ -2660,10 +2660,6 @@ int RGWPostObj_ObjStore_S3::get_params(optional_yield y)
+
+ map_qs_metadata(s);
+
+- ldpp_dout(this, 20) << "adding bucket to policy env: " << s->bucket->get_name()
+- << dendl;
+- env.add_var("bucket", s->bucket->get_name());
+-
+ bool done;
+ do {
+ struct post_form_part part;
+@@ -2714,6 +2710,10 @@ int RGWPostObj_ObjStore_S3::get_params(optional_yield y)
+ env.add_var(part.name, part_str);
+ } while (!done);
+
++ ldpp_dout(this, 20) << "adding bucket to policy env: " << s->bucket->get_name()
++ << dendl;
++ env.add_var("bucket", s->bucket->get_name());
++
+ string object_str;
+ if (!part_str(parts, "key", &object_str)) {
+ err_msg = "Key not specified";
+--
+2.27.0
+
diff --git a/ceph.spec b/ceph.spec
index cd7b9f3..cf03aea 100644
--- a/ceph.spec
+++ b/ceph.spec
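Review bot: The relocated `env.add_var("bucket", s->bucket->get_name())` only closes the hole if add_var is last-writer-wins: the do/while loop just above it already calls `env.add_var(part.name, part_str)` for every multipart form part, so a client-supplied `bucket` field is now overwritten by the request's real bucket instead of overriding it — but only if add_var assigns on an existing key rather than inserting-if-absent. The implementation of `env.add_var` is not in this patch, so confirm that semantics before relying on ordering alone, or explicitly replace the entry so the intent does not depend on insertion order. A short comment above the moved call would record why the order matters, e.g. `// Set after the form parts so a client-supplied "bucket" field cannot override the real bucket (CVE-2023-43040).` get_params begins and ends outside the hunk; the spec changes (Patch19 line, release bump, changelog entry) are routine and match the sibling entries.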
@@ -125,7 +125,7 @@
 #################################################################################
 Name: ceph
 Version: 16.2.7
-Release: 22
+Release: 23
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
 Epoch: 2
 %endif
@@ -161,6 +161,7 @@ Patch15: 0015-ceph-volume-add-judgment-for-ceph-volume-lvm-activat.patch
 Patch16: 0016-fix-CVE-2023-46159.patch
 Patch17: 0017-fix-osd-activate-error-when-node-reboot.patch
 Patch18: 0018-fix-CVE-2024-48916.patch
+Patch19: 0019-Fix-CVE-2023-43040.patch
 %if 0%{?suse_version}
 # _insert_obs_source_lines_here
 ExclusiveArch: x86_64 aarch64 ppc64le s390x
@@ -2505,6 +2506,9 @@ exit 0
 %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml
 %changelog
+* Sun Sep 28 2025 lizhipeng - 2:16.2.7-23
+- fix-CVE-2023-43040.patch
+
 * Fri Feb 21 2025 wangzengliang - 2:16.2.7-22
 - fix-CVE-2024-48916.patch
--
Gitee