From 2a0a62b78d87503b87ff70abf92b3e1f224866b1 Mon Sep 17 00:00:00 2001
From: Krishnan Parthasarathi
Date: Thu, 16 Nov 2017 19:13:04 +0000
Subject: [PATCH] Return ErrContentSHA256Mismatch when sha256sum is invalid (#5188)
---
 cmd/signature-v4.go | 2 +-
 pkg/hash/reader.go | 8 +++++---
 pkg/hash/reader_test.go | 29 ++++++++++++++++++-----------
 3 files changed, 24 insertions(+), 15 deletions(-)
diff --git a/cmd/signature-v4.go b/cmd/signature-v4.go
index b66bdc9b9..007a66922 100644
--- a/cmd/signature-v4.go
+++ b/cmd/signature-v4.go
@@ -289,7 +289,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
 /// Verify finally if signature is same.
 // Get canonical request.
- presignedCanonicalReq := getCanonicalRequest(extractedSignedHeaders, unsignedPayload, encodedQuery, req.URL.Path, req.Method)
+ presignedCanonicalReq := getCanonicalRequest(extractedSignedHeaders, hashedPayload, encodedQuery, req.URL.Path, req.Method)
 // Get string to sign from canonical request.
 presignedStringToSign := getStringToSign(presignedCanonicalReq, t, pSignValues.Credential.getScope())
diff --git a/pkg/hash/reader.go b/pkg/hash/reader.go
index a38ea6e42..c0b569db3 100644
--- a/pkg/hash/reader.go
+++ b/pkg/hash/reader.go
@@ -26,6 +26,8 @@ import (
 "io"
 )
+var errNestedReader = errors.New("Nesting of Reader detected, not allowed")
+
 // Reader writes what it reads from an io.Reader to an MD5 and SHA256 hash.Hash.
 // Reader verifies that the content of the io.Reader matches the expected checksums.
 type Reader struct {
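Review bot: In doesPresignedSignatureMatch (cmd/signature-v4.go), the canonical request is now built from the caller-supplied `hashedPayload`, but nothing in the hunk says where that value comes from or what it must be when the client sent no content hash. A signature over a client-declared hash only protects the body if the same value is later compared with the bytes actually received. That is presumably done by the hash.Reader patched in this commit, but the caller is outside the hunk, so it is worth confirming. I would add `// hashedPayload: client-declared payload hash, or unsignedPayload when none was sent; the body must be verified against this same value.` above the call, plus a presigned-request test with and without a declared hash, since no test in this patch exercises this line. The function body starts and ends outside the hunk.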
@@ -40,17 +42,17 @@ type Reader struct {
 // SHA256 sum (if set) of the provided io.Reader at EOF.
 func NewReader(src io.Reader, size int64, md5Hex, sha256Hex string) (*Reader, error) {
 if _, ok := src.(*Reader); ok {
- return nil, errors.New("Nesting of Reader detected, not allowed")
+ return nil, errNestedReader
 }
 sha256sum, err := hex.DecodeString(sha256Hex)
 if err != nil {
- return nil, err
+ return nil, SHA256Mismatch{}
 }
 md5sum, err := hex.DecodeString(md5Hex)
 if err != nil {
- return nil, err
+ return nil, BadDigest{}
 }
 var sha256Hash hash.Hash
diff --git a/pkg/hash/reader_test.go b/pkg/hash/reader_test.go
index 8d53a6227..40e5018a1 100644
--- a/pkg/hash/reader_test.go
+++ b/pkg/hash/reader_test.go
@@ -114,26 +114,30 @@ func TestHashReaderInvalidArguments(t *testing.T) {
 size int64
 md5hex, sha256hex string
 success bool
+ expectedErr error
 }{
 // Invalid md5sum NewReader() will fail.
 {
- src: bytes.NewReader([]byte("abcd")),
- size: 4,
- md5hex: "invalid-md5",
- success: false,
+ src: bytes.NewReader([]byte("abcd")),
+ size: 4,
+ md5hex: "invalid-md5",
+ success: false,
+ expectedErr: BadDigest{},
 },
 // Invalid sha256 NewReader() will fail.
 {
- src: bytes.NewReader([]byte("abcd")),
- size: 4,
- sha256hex: "invalid-sha256",
- success: false,
+ src: bytes.NewReader([]byte("abcd")),
+ size: 4,
+ sha256hex: "invalid-sha256",
+ success: false,
+ expectedErr: SHA256Mismatch{},
 },
 // Nested hash reader NewReader() will fail.
 {
- src: &Reader{src: bytes.NewReader([]byte("abcd"))},
- size: 4,
- success: false,
+ src: &Reader{src: bytes.NewReader([]byte("abcd"))},
+ size: 4,
+ success: false,
+ expectedErr: errNestedReader,
 },
 // Expected inputs, NewReader() will succeed.
 {
@@ -151,5 +155,8 @@ func TestHashReaderInvalidArguments(t *testing.T) {
 if err == nil && !testCase.success {
 t.Errorf("Test %d: Expected error, but got success", i+1)
 }
+ if err != testCase.expectedErr {
+ t.Errorf("Test %d: Expected error %v, but got %v", i+1, testCase.expectedErr, err)
+ }
 }
 }
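Review bot: In NewReader (pkg/hash/reader.go), a checksum string that is valid hex but the wrong length still passes both `hex.DecodeString` checks, so the typed errors added here cover only non-hex input. If the later comparison is a plain byte compare (it is outside the hunk), such a request is rejected only at EOF, after the whole body has been read. Checking the length up front fails it early: `if err != nil || (len(sha256sum) != 0 && len(sha256sum) != sha256.Size) { return nil, SHA256Mismatch{} }`, and likewise with `md5.Size` and `BadDigest{}`. The zero-length case has to stay allowed, because an empty string decodes without error and appears to mean "checksum not set". This assumes crypto/sha256 and crypto/md5 are already imported in this file, which the import lines shown do not confirm.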
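Review bot: In TestHashReaderInvalidArguments (pkg/hash/reader_test.go), the `err != testCase.expectedErr` check added in the second hunk makes the `success` field from the first hunk redundant, and a case that wrongly succeeds is now reported twice. The table could drop `success` and keep the single comparison, with a comment on the field such as `// expectedErr is nil for cases where NewReader must succeed.`. The comparison is by value against `BadDigest{}` and `SHA256Mismatch{}`, whose definitions are not in this patch, so it will need revisiting if those error types ever carry fields. The table also has no case for well-formed hex of the wrong length, which would pin down whether NewReader rejects it at construction time.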