From 27f895cf2c066e49d5724a0c55f9f333d0963501 Mon Sep 17 00:00:00 2001 From: Poorna Krishnamoorthy Date: Thu, 26 Aug 2021 19:23:12 -0400 Subject: [PATCH] Check pathlength before reading metadata (#13080) fixes bug where the server returns 503 instead of 400 if objectName is longer than 255 characters Fixes regression introduced in #12942 --- cmd/xl-storage.go | 4 ++++ cmd/xl-storage_test.go | 20 ++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/cmd/xl-storage.go b/cmd/xl-storage.go index 0b72f2763..6e5391419 100644 --- a/cmd/xl-storage.go +++ b/cmd/xl-storage.go @@ -397,6 +397,10 @@ func (s *xlStorage) Healing() *healingTracker { } func (s *xlStorage) readMetadata(itemPath string) ([]byte, error) { + if err := checkPathLength(itemPath); err != nil { + return nil, err + } + f, err := OpenFile(itemPath, readMode, 0) if err != nil { return nil, err diff --git a/cmd/xl-storage_test.go b/cmd/xl-storage_test.go index 8bdb1880b..b14c3add2 100644 --- a/cmd/xl-storage_test.go +++ b/cmd/xl-storage_test.go @@ -1818,3 +1818,23 @@ func TestXLStorageVerifyFile(t *testing.T) { t.Fatal("expected to fail bitrot check") } } + +// TestXLStorageReadMetadata tests readMetadata +func TestXLStorageReadMetadata(t *testing.T) { + volume, object := "test-vol", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + tmpDir, err := ioutil.TempDir("", "") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(tmpDir) + + disk, err := newLocalXLStorage(tmpDir) + if err != nil { + t.Fatal(err) + } + + disk.MakeVol(context.Background(), volume) + if _, err := disk.readMetadata(pathJoin(tmpDir, volume, object)); err != errFileNameTooLong { + t.Fatalf("Unexpected error from readMetadata - expect %v: got %v", errFileNameTooLong, err) + } +}