Forbid requests generated at least 15 min in the past or in the future (#2648)
parent
421cccb1d7
commit
32201a18ab
@ -198,9 +198,10 @@ func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
writeErrorResponse(w, r, apiErr, r.URL.Path)
|
writeErrorResponse(w, r, apiErr, r.URL.Path)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
// Verify if the request date header is more than 5minutes
|
// Verify if the request date header is shifted by less than maxSkewTime parameter in the past
|
||||||
// late, reject such clients.
|
// or in the future, reject request otherwise.
|
||||||
if time.Now().UTC().Sub(amzDate)/time.Minute > time.Duration(5)*time.Minute {
|
curTime := time.Now().UTC()
|
||||||
|
if curTime.Sub(amzDate) > maxSkewTime || amzDate.Sub(curTime) > maxSkewTime {
|
||||||
writeErrorResponse(w, r, ErrRequestTimeTooSkewed, r.URL.Path)
|
writeErrorResponse(w, r, ErrRequestTimeTooSkewed, r.URL.Path)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
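Review bot: The comment above the new skew check in timeHandler.ServeHTTP says what is compared but not why the bound exists; this comparison is presumably what limits how long a captured, validly signed request stays acceptable, and it is only as good as the server's own clock. I would extend the comment with `// This bounds the window in which a captured request can be replayed to maxSkewTime on either side of the server clock; keep the server clock synchronised.` The comparison is strict, so a request exactly maxSkewTime old is still accepted, which differs slightly from the "at least 15 min" wording of the commit title, and the comment should say which is intended. The two Sub calls mirror each other, so `skew := curTime.Sub(amzDate)` followed by `if skew > maxSkewTime || skew < -maxSkewTime {` states the symmetric bound more directly. ServeHTTP starts and ends outside this hunk, so which request types reach this check cannot be confirmed from here.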
@ -17,6 +17,8 @@
|
|||||||
package cmd
|
package cmd
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/fatih/color"
|
"github.com/fatih/color"
|
||||||
"github.com/minio/minio/pkg/objcache"
|
"github.com/minio/minio/pkg/objcache"
|
||||||
)
|
)
|
||||||
@ -58,6 +60,11 @@ var (
|
|||||||
maxFormFieldSize = int64(1024 * 1024)
|
maxFormFieldSize = int64(1024 * 1024)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// The maximum allowed difference between the request generation time and the server processing time
|
||||||
|
maxSkewTime = 15 * time.Minute
|
||||||
|
)
|
||||||
|
|
||||||
// global colors.
|
// global colors.
|
||||||
var (
|
var (
|
||||||
colorBlue = color.New(color.FgBlue).SprintfFunc()
|
colorBlue = color.New(color.FgBlue).SprintfFunc()
|
||||||
|
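Review bot: `maxSkewTime` in the hunk at -58,6 is declared in a `var` block, so any code in package cmd can reassign it at runtime and silently widen the accepted request-time window. Because `15 * time.Minute` is a constant expression, `const maxSkewTime = 15 * time.Minute` would make the bound immutable; if tests are meant to override it (not visible here), the comment should say so. The doc comment would also follow Go convention better if it started with the name and ended with a period, e.g. `// maxSkewTime is the maximum allowed difference between the request generation time and the server processing time.`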