s3: Sanitize the source object name in CopyObject handler (#20774)

This commit is contained in:
Mark Theunissen 2024-12-17 17:01:07 +02:00 committed by GitHub
parent 02f770a0c0
commit 01e520eb23
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -1191,6 +1191,9 @@ func (api objectAPIHandlers) CopyObjectHandler(w http.ResponseWriter, r *http.Re
return
}
// Sanitize the source object name similar to NewMultipart and PutObject API
srcObject = trimLeadingSlash(srcObject)
if vid != "" && vid != nullVersionID {
_, err := uuid.Parse(vid)
if err != nil {