rgw: Remove assertions in IAM Policy

A couple of them could be triggered by user input. Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
ceph · Oct 10, 2017 · b3118ca · b3118ca
1 parent 65b7543
commit b3118ca
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 8 deletions.
diff --git a/src/rgw/rgw_basic_types.h b/src/rgw/rgw_basic_types.h
@@ -160,12 +160,10 @@ class Principal {
   }
 
   const std::string& get_tenant() const {
-    ceph_assert(t != Wildcard);
     return u.tenant;
   }
 
   const std::string& get_id() const {
-    ceph_assert(t != Wildcard && t != Tenant);
     return u.id;
   }
 

diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
@@ -221,7 +221,9 @@ optional<ARN> ARN::parse(const string& s, bool wildcards) {
   if ((s == "*") && wildcards) {
     return ARN(Partition::wildcard, Service::wildcard, "*", "*", "*");
   } else if (regex_match(s, match, wildcards ? rx_wild : rx_no_wild)) {
-    ceph_assert(match.size() == 6);
+    if (match.size() != 6) {
+      return boost::none;
+    }
 
     ARN a;
     {
@@ -771,7 +773,9 @@ static optional<Principal> parse_principal(CephContext* cct, TokenID t,
 			  ECMAScript | optimize);
     smatch match;
     if (regex_match(a->resource, match, rx)) {
-      ceph_assert(match.size() == 3);
+      if (match.size() != 3) {
+	return boost::none;
+      }
 
       if (match[1] == "user") {
 	return Principal::user(std::move(a->account),
@@ -843,7 +847,9 @@ bool ParseState::do_string(CephContext* cct, const char* s, size_t l) {
     // Principals
 
   } else if (w->kind == TokenKind::princ_type) {
-    ceph_assert(pp->s.size() > 1);
+    if (pp->s.size() <= 1) {
+      return false;
+    }
     auto& pri = pp->s[pp->s.size() - 2].w->id == TokenID::Principal ?
       t->princ : t->noprinc;
 

diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h
@@ -29,8 +29,6 @@
 #include "rgw_iam_policy_keywords.h"
 #include "rgw_string.h"
 
-#include "include/assert.h" // razzin' frazzin' ...grrr.
-
 class RGWRados;
 namespace rgw {
 namespace auth {
@@ -254,7 +252,6 @@ string to_string(const MaskedIP& m);
 inline bool operator ==(const MaskedIP& l, const MaskedIP& r) {
   auto shift = std::max((l.v6 ? 128 : 32) - l.prefix,
 			(r.v6 ? 128 : 32) - r.prefix);
-  ceph_assert(shift > 0);
   return (l.addr >> shift) == (r.addr >> shift);
 }