handlers: read ContentLength value directly from http.Request.

Do not look for Content-Length in headers and try to convert them into
integer representations use ContentLength field from *http.Request*.

If Content-Length is understood to be as '-1' then treat it as an error
condition, since it could be a malformed body to crash the server.

Fixes #1011
This commit is contained in:
Harshavardhana 2015-12-27 23:00:36 -08:00
parent 7aab7ba946
commit 2f67559684
3 changed files with 19 additions and 46 deletions

View File

@ -226,8 +226,8 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
// if body of request is non-nil then check for validity of Content-Length
if req.Body != nil {
/// if Content-Length missing, deny the request
if req.Header.Get("Content-Length") == "" {
/// if Content-Length is unknown/missing, deny the request
if req.ContentLength == -1 {
writeErrorResponse(w, req, MissingContentLength, req.URL.Path)
return
}
@ -275,9 +275,8 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
func (api CloudStorageAPI) PostPolicyBucketHandler(w http.ResponseWriter, req *http.Request) {
// if body of request is non-nil then check for validity of Content-Length
if req.Body != nil {
/// if Content-Length missing, deny the request
size := req.Header.Get("Content-Length")
if size == "" {
/// if Content-Length is unknown/missing, deny the request
if req.ContentLength == -1 {
writeErrorResponse(w, req, MissingContentLength, req.URL.Path)
return
}

View File

@ -140,9 +140,9 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
writeErrorResponse(w, req, InvalidDigest, req.URL.Path)
return
}
/// if Content-Length missing, deny the request
size := req.Header.Get("Content-Length")
if size == "" {
/// if Content-Length is unknown/missing, deny the request
size := req.ContentLength
if size == -1 {
writeErrorResponse(w, req, MissingContentLength, req.URL.Path)
return
}
@ -151,16 +151,6 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
writeErrorResponse(w, req, EntityTooLarge, req.URL.Path)
return
}
var sizeInt64 int64
{
var err error
sizeInt64, err = strconv.ParseInt(size, 10, 64)
if err != nil {
errorIf(probe.NewError(err), "Parsing Content-Length failed.", nil)
writeErrorResponse(w, req, InvalidRequest, req.URL.Path)
return
}
}
var signature *fs.Signature
if !api.Anonymous {
@ -176,7 +166,7 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
}
}
metadata, err := api.Filesystem.CreateObject(bucket, object, md5, sizeInt64, req.Body, signature)
metadata, err := api.Filesystem.CreateObject(bucket, object, md5, size, req.Body, signature)
if err != nil {
errorIf(err.Trace(), "CreateObject failed.", nil)
switch err.ToGoError().(type) {
@ -265,13 +255,6 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
}
}
/// if Content-Length missing, throw away
size := req.Header.Get("Content-Length")
if size == "" {
writeErrorResponse(w, req, MissingContentLength, req.URL.Path)
return
}
// get Content-MD5 sent by client and verify if valid
md5 := req.Header.Get("Content-MD5")
if !isValidMD5(md5) {
@ -279,23 +262,19 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
return
}
/// if Content-Length is unknown/missing, throw away
size := req.ContentLength
if size == -1 {
writeErrorResponse(w, req, MissingContentLength, req.URL.Path)
return
}
/// maximum Upload size for multipart objects in a single operation
if isMaxObjectSize(size) {
writeErrorResponse(w, req, EntityTooLarge, req.URL.Path)
return
}
var sizeInt64 int64
{
var err error
sizeInt64, err = strconv.ParseInt(size, 10, 64)
if err != nil {
errorIf(probe.NewError(err), "Parsing Content-Length failed.", nil)
writeErrorResponse(w, req, InvalidRequest, req.URL.Path)
return
}
}
uploadID := req.URL.Query().Get("uploadId")
partIDString := req.URL.Query().Get("partNumber")
@ -323,7 +302,7 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
}
}
calculatedMD5, err := api.Filesystem.CreateObjectPart(bucket, object, uploadID, md5, partID, sizeInt64, req.Body, signature)
calculatedMD5, err := api.Filesystem.CreateObjectPart(bucket, object, uploadID, md5, partID, size, req.Body, signature)
if err != nil {
errorIf(err.Trace(), "CreateObjectPart failed.", nil)
switch err.ToGoError().(type) {

View File

@ -18,7 +18,6 @@ package main
import (
"encoding/base64"
"strconv"
"strings"
)
@ -36,17 +35,13 @@ func isValidMD5(md5 string) bool {
/// http://docs.aws.amazon.com/AmazonS3/latest/dev/UploadingObjects.html
const (
// maximum object size per PUT request is 5GB
// maximum object size per PUT request is 5GiB
maxObjectSize = 1024 * 1024 * 1024 * 5
)
// isMaxObjectSize - verify if max object size
func isMaxObjectSize(size string) bool {
i, err := strconv.ParseInt(size, 10, 64)
if err != nil {
return true
}
if i > maxObjectSize {
func isMaxObjectSize(size int64) bool {
if size > maxObjectSize {
return true
}
return false