mirrors/scylladb
1
0
Fork 0
mirror of https://github.com/scylladb/scylladb.git synced 2026-05-12 19:02:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

s3_client: parse multipart response XML defensively

Browse Source 
Ensure robust handling of XML responses when initiating multipart
uploads. Check for the existence of required nodes before access,
and throw an exception if the XML is empty or malformed.

Refs: https://github.com/scylladb/scylladb/issues/24676

Closes scylladb/scylladb#24990
This commit is contained in:
Ernest Zaslavsky
2025-07-15 17:24:25 +03:00
committed by Botond Dénes
parent 054ea54565
commit 342e94261f
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
utils/s3/client.cc
View File

@@ -711,6 +711,14 @@ public:
};
sstring parse_multipart_upload_id(sstring& body) {
auto get_node_safe = []<typename T>(const T* node, const std::string_view node_name) {
auto child = node->first_node(node_name.data());
if (!child) {
throw std::runtime_error(seastar::format("'{}' node is missing in InitiateMultipartUploadResult response", node_name));
}
return child;
};
auto doc = std::make_unique<rapidxml::xml_document<>>();
try {
doc->parse<0>(body.data());
@@ -720,8 +728,8 @@ sstring parse_multipart_upload_id(sstring& body) {
// and handle the error the way it prefers
return "";
}
auto root_node = doc->first_node("InitiateMultipartUploadResult");
auto uploadid_node = root_node->first_node("UploadId");
auto root_node = get_node_safe(doc.get(), "InitiateMultipartUploadResult");
auto uploadid_node = get_node_safe(root_node, "UploadId");
return uploadid_node->value();
}