handlers: read ContentLength value directly from http.Request.
Do not look for Content-Length in the headers and try to convert it into an integer representation; use the ContentLength field from *http.Request* instead. If Content-Length is understood to be '-1', treat it as an error condition, since it could be a malformed body meant to crash the server. Fixes #1011
parent
7aab7ba946
commit
2f67559684
@ -226,8 +226,8 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
|
|||||||
|
|
||||||
// if body of request is non-nil then check for validity of Content-Length
|
// if body of request is non-nil then check for validity of Content-Length
|
||||||
if req.Body != nil {
|
if req.Body != nil {
|
||||||
/// if Content-Length missing, deny the request
|
/// if Content-Length is unknown/missing, deny the request
|
||||||
if req.Header.Get("Content-Length") == "" {
|
if req.ContentLength == -1 {
|
||||||
writeErrorResponse(w, req, MissingContentLength, req.URL.Path)
|
writeErrorResponse(w, req, MissingContentLength, req.URL.Path)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -275,9 +275,8 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
|
|||||||
func (api CloudStorageAPI) PostPolicyBucketHandler(w http.ResponseWriter, req *http.Request) {
|
func (api CloudStorageAPI) PostPolicyBucketHandler(w http.ResponseWriter, req *http.Request) {
|
||||||
// if body of request is non-nil then check for validity of Content-Length
|
// if body of request is non-nil then check for validity of Content-Length
|
||||||
if req.Body != nil {
|
if req.Body != nil {
|
||||||
/// if Content-Length missing, deny the request
|
/// if Content-Length is unknown/missing, deny the request
|
||||||
size := req.Header.Get("Content-Length")
|
if req.ContentLength == -1 {
|
||||||
if size == "" {
|
|
||||||
writeErrorResponse(w, req, MissingContentLength, req.URL.Path)
|
writeErrorResponse(w, req, MissingContentLength, req.URL.Path)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
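Review bot: The new `req.ContentLength == -1` test in PutBucketHandler and PostPolicyBucketHandler no longer catches a request that simply omits Content-Length. As far as I know, Go's net/http server reports ContentLength as 0, not -1, when a request carries neither a Content-Length header nor chunked transfer encoding, so the `/// if Content-Length is unknown/missing` comment overstates what is checked. The same applies to the `size == -1` checks in PutObjectHandler and PutObjectPartHandler, where such a request would now be passed on with size 0 instead of being answered with MissingContentLength. If a missing header should still be refused, keep a presence test next to the value test, e.g. `if req.ContentLength == -1 || req.Header.Get("Content-Length") == "" {`. Both handler bodies continue outside the hunks.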
@ -140,9 +140,9 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
|
|||||||
writeErrorResponse(w, req, InvalidDigest, req.URL.Path)
|
writeErrorResponse(w, req, InvalidDigest, req.URL.Path)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
/// if Content-Length missing, deny the request
|
/// if Content-Length is unknown/missing, deny the request
|
||||||
size := req.Header.Get("Content-Length")
|
size := req.ContentLength
|
||||||
if size == "" {
|
if size == -1 {
|
||||||
writeErrorResponse(w, req, MissingContentLength, req.URL.Path)
|
writeErrorResponse(w, req, MissingContentLength, req.URL.Path)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -151,16 +151,6 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
|
|||||||
writeErrorResponse(w, req, EntityTooLarge, req.URL.Path)
|
writeErrorResponse(w, req, EntityTooLarge, req.URL.Path)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var sizeInt64 int64
|
|
||||||
{
|
|
||||||
var err error
|
|
||||||
sizeInt64, err = strconv.ParseInt(size, 10, 64)
|
|
||||||
if err != nil {
|
|
||||||
errorIf(probe.NewError(err), "Parsing Content-Length failed.", nil)
|
|
||||||
writeErrorResponse(w, req, InvalidRequest, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
var signature *fs.Signature
|
var signature *fs.Signature
|
||||||
if !api.Anonymous {
|
if !api.Anonymous {
|
||||||
@ -176,7 +166,7 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
metadata, err := api.Filesystem.CreateObject(bucket, object, md5, sizeInt64, req.Body, signature)
|
metadata, err := api.Filesystem.CreateObject(bucket, object, md5, size, req.Body, signature)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errorIf(err.Trace(), "CreateObject failed.", nil)
|
errorIf(err.Trace(), "CreateObject failed.", nil)
|
||||||
switch err.ToGoError().(type) {
|
switch err.ToGoError().(type) {
|
||||||
@ -265,13 +255,6 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// if Content-Length missing, throw away
|
|
||||||
size := req.Header.Get("Content-Length")
|
|
||||||
if size == "" {
|
|
||||||
writeErrorResponse(w, req, MissingContentLength, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// get Content-MD5 sent by client and verify if valid
|
// get Content-MD5 sent by client and verify if valid
|
||||||
md5 := req.Header.Get("Content-MD5")
|
md5 := req.Header.Get("Content-MD5")
|
||||||
if !isValidMD5(md5) {
|
if !isValidMD5(md5) {
|
||||||
@ -279,23 +262,19 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// if Content-Length is unknown/missing, throw away
|
||||||
|
size := req.ContentLength
|
||||||
|
if size == -1 {
|
||||||
|
writeErrorResponse(w, req, MissingContentLength, req.URL.Path)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
/// maximum Upload size for multipart objects in a single operation
|
/// maximum Upload size for multipart objects in a single operation
|
||||||
if isMaxObjectSize(size) {
|
if isMaxObjectSize(size) {
|
||||||
writeErrorResponse(w, req, EntityTooLarge, req.URL.Path)
|
writeErrorResponse(w, req, EntityTooLarge, req.URL.Path)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
var sizeInt64 int64
|
|
||||||
{
|
|
||||||
var err error
|
|
||||||
sizeInt64, err = strconv.ParseInt(size, 10, 64)
|
|
||||||
if err != nil {
|
|
||||||
errorIf(probe.NewError(err), "Parsing Content-Length failed.", nil)
|
|
||||||
writeErrorResponse(w, req, InvalidRequest, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
uploadID := req.URL.Query().Get("uploadId")
|
uploadID := req.URL.Query().Get("uploadId")
|
||||||
partIDString := req.URL.Query().Get("partNumber")
|
partIDString := req.URL.Query().Get("partNumber")
|
||||||
|
|
||||||
@ -323,7 +302,7 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
calculatedMD5, err := api.Filesystem.CreateObjectPart(bucket, object, uploadID, md5, partID, sizeInt64, req.Body, signature)
|
calculatedMD5, err := api.Filesystem.CreateObjectPart(bucket, object, uploadID, md5, partID, size, req.Body, signature)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errorIf(err.Trace(), "CreateObjectPart failed.", nil)
|
errorIf(err.Trace(), "CreateObjectPart failed.", nil)
|
||||||
switch err.ToGoError().(type) {
|
switch err.ToGoError().(type) {
|
||||||
|
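Review bot: The `size := req.ContentLength` lines in PutObjectHandler and PutObjectPartHandler need a comment explaining why the removed strconv.ParseInt error path is no longer required. I would add `// net/http has already parsed Content-Length and refuses malformed or negative values before the handler runs; -1 means the length is unknown (e.g. chunked)`. This also records that such requests will no longer reach the "Parsing Content-Length failed." log line, which matters if that log was used to spot malformed uploads. Both functions start and end outside the hunks.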
11
utils.go
11
utils.go
@ -18,7 +18,6 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"strconv"
|
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -36,17 +35,13 @@ func isValidMD5(md5 string) bool {
|
|||||||
|
|
||||||
/// http://docs.aws.amazon.com/AmazonS3/latest/dev/UploadingObjects.html
|
/// http://docs.aws.amazon.com/AmazonS3/latest/dev/UploadingObjects.html
|
||||||
const (
|
const (
|
||||||
// maximum object size per PUT request is 5GB
|
// maximum object size per PUT request is 5GiB
|
||||||
maxObjectSize = 1024 * 1024 * 1024 * 5
|
maxObjectSize = 1024 * 1024 * 1024 * 5
|
||||||
)
|
)
|
||||||
|
|
||||||
// isMaxObjectSize - verify if max object size
|
// isMaxObjectSize - verify if max object size
|
||||||
func isMaxObjectSize(size string) bool {
|
func isMaxObjectSize(size int64) bool {
|
||||||
i, err := strconv.ParseInt(size, 10, 64)
|
if size > maxObjectSize {
|
||||||
if err != nil {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
if i > maxObjectSize {
|
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
|
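Review bot: isMaxObjectSize returns false for a negative size, so the limit check by itself lets -1 (unknown length) through; the old string version at least failed closed on input it could not parse. The visible callers test for -1 first, but the helper is the size limit and should not depend on that ordering: `if size < 0 || size > maxObjectSize {`. The doc comment could also say what a true result means, e.g. `// isMaxObjectSize - reports whether size is negative or exceeds maxObjectSize`. The function's closing brace is outside the hunk.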