Forbid requests generated at least 15 min in the past or in the future (#2648)

This commit is contained in:
Anis Elleuch 2016-09-09 23:33:35 +01:00 committed by Harshavardhana
parent 421cccb1d7
commit 32201a18ab
2 changed files with 11 additions and 3 deletions

View File

@ -198,9 +198,10 @@ func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
writeErrorResponse(w, r, apiErr, r.URL.Path) writeErrorResponse(w, r, apiErr, r.URL.Path)
return return
} }
// Verify if the request date header is more than 5minutes // Verify if the request date header is shifted by less than maxSkewTime parameter in the past
// late, reject such clients. // or in the future, reject request otherwise.
if time.Now().UTC().Sub(amzDate)/time.Minute > time.Duration(5)*time.Minute { curTime := time.Now().UTC()
if curTime.Sub(amzDate) > maxSkewTime || amzDate.Sub(curTime) > maxSkewTime {
writeErrorResponse(w, r, ErrRequestTimeTooSkewed, r.URL.Path) writeErrorResponse(w, r, ErrRequestTimeTooSkewed, r.URL.Path)
return return
} }

View File

@ -17,6 +17,8 @@
package cmd package cmd
import ( import (
"time"
"github.com/fatih/color" "github.com/fatih/color"
"github.com/minio/minio/pkg/objcache" "github.com/minio/minio/pkg/objcache"
) )
@ -58,6 +60,11 @@ var (
maxFormFieldSize = int64(1024 * 1024) maxFormFieldSize = int64(1024 * 1024)
) )
var (
// The maximum allowed difference between the request generation time and the server processing time
maxSkewTime = 15 * time.Minute
)
// global colors. // global colors.
var ( var (
colorBlue = color.New(color.FgBlue).SprintfFunc() colorBlue = color.New(color.FgBlue).SprintfFunc()