mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
sigv2: Unespace canonicalized resources values (#4034)
Values of canonicalized query resources should be unescaped before calculating the signature. This bug is not noticed before because partNumber and uploadID values in Minio doesn't have characters that need to be escaped.
This commit is contained in:
parent
3fe33e7b15
commit
52d8f564bf
@ -282,7 +282,13 @@ func canonicalizedResourceV2(encodedPath string, encodedQuery string) string {
|
||||
canonicalQueries = append(canonicalQueries, key)
|
||||
continue
|
||||
}
|
||||
canonicalQueries = append(canonicalQueries, key+"="+val)
|
||||
// Resources values should be unescaped
|
||||
unescapedVal, err := url.QueryUnescape(val)
|
||||
if err != nil {
|
||||
errorIf(err, "Unable to unescape query value (query = `%s`, value = `%s`)", key, val)
|
||||
continue
|
||||
}
|
||||
canonicalQueries = append(canonicalQueries, key+"="+unescapedVal)
|
||||
}
|
||||
if len(canonicalQueries) == 0 {
|
||||
return encodedPath
|
||||
|
Loading…
Reference in New Issue
Block a user