mirror of
https://github.com/minio/minio.git
synced 2024-12-25 06:35:56 -05:00
Fix SSE-C source decryption handling (#6671)
Without this fix we have room for two different type of errors. - Source is encrypted and we didn't provide any source encryption keys This results in Incomplete body error to be returned back to the client since source is encrypted and we gave the reader as is to the object layer which was of a decrypted value leading to "IncompleteBody" - Source is not encrypted and we provided source encryption keys. This results in a corrupted object on the destination which is considered encrypted but cannot be read by the server and returns the following error. ``` <Error><Code>XMinioObjectTampered</Code><Message>The requested object was modified and may be compromised</Message><Resource>/id-platform-gamma/ </Resource><RequestId>155EDC3E86BFD4DA</RequestId><HostId>3L137</HostId> </Error> ```
This commit is contained in:
parent
0edfb32621
commit
62b560510b
@ -808,9 +808,21 @@ func (api objectAPIHandlers) CopyObjectHandler(w http.ResponseWriter, r *http.Re
|
||||
|
||||
var encMetadata = make(map[string]string)
|
||||
if objectAPI.IsEncryptionSupported() && !srcInfo.IsCompressed() {
|
||||
// Encryption parameters not applicable for this object.
|
||||
if !crypto.IsEncrypted(srcInfo.UserDefined) && crypto.SSECopy.IsRequested(r.Header) {
|
||||
writeErrorResponse(w, toAPIErrorCode(errInvalidEncryptionParameters), r.URL)
|
||||
return
|
||||
}
|
||||
|
||||
// Encryption parameters not present for this object.
|
||||
if crypto.SSEC.IsEncrypted(srcInfo.UserDefined) && !crypto.SSECopy.IsRequested(r.Header) {
|
||||
writeErrorResponse(w, ErrInvalidSSECustomerAlgorithm, r.URL)
|
||||
return
|
||||
}
|
||||
|
||||
var oldKey, newKey []byte
|
||||
sseCopyS3 := crypto.S3.IsEncrypted(srcInfo.UserDefined)
|
||||
sseCopyC := crypto.SSECopy.IsRequested(r.Header)
|
||||
sseCopyC := crypto.SSEC.IsEncrypted(srcInfo.UserDefined) && crypto.SSECopy.IsRequested(r.Header)
|
||||
sseC := crypto.SSEC.IsRequested(r.Header)
|
||||
sseS3 := crypto.S3.IsRequested(r.Header)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user