fix: validate partNumber in queryParam as part of preConditions (#9386)

2025-11-21 10:16:03 -05:00 · 2020-04-20 22:01:59 -07:00
parent 2eeb0e6a0b
commit 282c9f790a
18 changed files with 73 additions and 42 deletions
--- a/cmd/encryption-v1.go
+++ b/cmd/encryption-v1.go
@@ -982,6 +982,19 @@ func getOpts(ctx context.Context, r *http.Request, bucket, object string) (Objec
 		encryption encrypt.ServerSide
 		opts       ObjectOptions
 	)
+
+	var partNumber int
+	var err error
+	if pn := r.URL.Query().Get("partNumber"); pn != "" {
+		partNumber, err = strconv.Atoi(pn)
+		if err != nil {
+			return opts, err
+		}
+		if partNumber < 0 {
+			return opts, errInvalidArgument
+		}
+	}
+
 	if GlobalGatewaySSE.SSEC() && crypto.SSEC.IsRequested(r.Header) {
 		key, err := crypto.SSEC.ParseHTTP(r.Header)
 		if err != nil {
@@ -990,10 +1003,16 @@ func getOpts(ctx context.Context, r *http.Request, bucket, object string) (Objec
 		derivedKey := deriveClientKey(key, bucket, object)
 		encryption, err = encrypt.NewSSEC(derivedKey[:])
 		logger.CriticalIf(ctx, err)
-		return ObjectOptions{ServerSideEncryption: encryption}, nil
+		return ObjectOptions{ServerSideEncryption: encryption, PartNumber: partNumber}, nil
 	}
+
 	// default case of passing encryption headers to backend
-	return getDefaultOpts(r.Header, false, nil)
+	opts, err = getDefaultOpts(r.Header, false, nil)
+	if err != nil {
+		return opts, err
+	}
+	opts.PartNumber = partNumber
+	return opts, nil
 }

 // get ObjectOptions for PUT calls from encryption headers and metadata