root
/
minio
mirror of https://github.com/minio/minio.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity

fix content-sha256 verification for presigned PUT (#5137) 

It is possible that x-amz-content-sha256 is set through
the query params in case of presigned PUT calls, make sure
that we validate the incoming x-amz-content-sha256 properly.

Current code simply just allows this without honoring the
set x-amz-content-sha256, fix it.
This commit is contained in:
Harshavardhana 2017-11-05 03:02:19 -08:00 committed by Nitish Tiwari
parent dcdb07433a
commit 719f8c258a
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/object-handlers.go
View File

@ -569,7 +569,7 @@ func (api objectAPIHandlers) PutObjectHandler(w http.ResponseWriter, r *http.Req
return
}
if !skipContentSha256Cksum(r) {
sha256hex = r.Header.Get("X-Amz-Content-Sha256")
sha256hex = getContentSha256Cksum(r)
}
}
@ -866,7 +866,7 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http
}
if !skipContentSha256Cksum(r) {
sha256hex = r.Header.Get("X-Amz-Content-Sha256")
sha256hex = getContentSha256Cksum(r)
}
}

2
cmd/signature-v4.go
View File

@ -289,7 +289,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
/// Verify finally if signature is same.
// Get canonical request.
presignedCanonicalReq := getCanonicalRequest(extractedSignedHeaders, hashedPayload, encodedQuery, req.URL.Path, req.Method)
presignedCanonicalReq := getCanonicalRequest(extractedSignedHeaders, unsignedPayload, encodedQuery, req.URL.Path, req.Method)
// Get string to sign from canonical request.
presignedStringToSign := getStringToSign(presignedCanonicalReq, t, pSignValues.Credential.getScope())