mirror of
https://github.com/minio/minio.git
synced 2025-01-11 23:13:23 -05:00
fix DownloadZIP
for encrypted objects (#8159)
This commit fixes the web ZIP download handler for encrypted objects. The decryption logic has moved into `getObjectNInfo`. So trying to decrypt the (already decrypted) content again in the ZIP handler obviously causes an error. This commit fixes this by removing the decryption logic from the the handler. Fixes #7965
This commit is contained in:
parent
0cd0f6c255
commit
6b2ed0fc47
@ -1316,17 +1316,6 @@ func (web *webAPIHandlers) DownloadZip(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
info := gr.ObjInfo
|
||||
|
||||
length = info.Size
|
||||
if objectAPI.IsEncryptionSupported() {
|
||||
if _, err = DecryptObjectInfo(&info, r.Header); err != nil {
|
||||
writeWebErrorResponse(w, err)
|
||||
return err
|
||||
}
|
||||
if crypto.IsEncrypted(info.UserDefined) {
|
||||
length, _ = info.DecryptedSize()
|
||||
}
|
||||
}
|
||||
length = info.Size
|
||||
var actualSize int64
|
||||
if info.IsCompressed() {
|
||||
// Read the decompressed size from the meta.json.
|
||||
@ -1345,21 +1334,16 @@ func (web *webAPIHandlers) DownloadZip(w http.ResponseWriter, r *http.Request) {
|
||||
writeWebErrorResponse(w, errUnexpected)
|
||||
return err
|
||||
}
|
||||
var startOffset int64
|
||||
var writer io.Writer
|
||||
|
||||
if info.IsCompressed() {
|
||||
// The decompress metrics are set.
|
||||
snappyStartOffset := 0
|
||||
snappyLength := actualSize
|
||||
|
||||
// Open a pipe for compression
|
||||
// Where compressWriter is actually passed to the getObject
|
||||
decompressReader, compressWriter := io.Pipe()
|
||||
snappyReader := snappy.NewReader(decompressReader)
|
||||
|
||||
// The limit is set to the actual size.
|
||||
responseWriter := ioutil.LimitedWriter(zipWriter, int64(snappyStartOffset), snappyLength)
|
||||
responseWriter := ioutil.LimitedWriter(zipWriter, 0, actualSize)
|
||||
wg.Add(1) //For closures.
|
||||
go func() {
|
||||
defer wg.Done()
|
||||
@ -1374,17 +1358,6 @@ func (web *webAPIHandlers) DownloadZip(w http.ResponseWriter, r *http.Request) {
|
||||
} else {
|
||||
writer = zipWriter
|
||||
}
|
||||
if objectAPI.IsEncryptionSupported() && crypto.S3.IsEncrypted(info.UserDefined) {
|
||||
// Response writer should be limited early on for decryption upto required length,
|
||||
// additionally also skipping mod(offset)64KiB boundaries.
|
||||
writer = ioutil.LimitedWriter(writer, startOffset%(64*1024), length)
|
||||
writer, _, length, err = DecryptBlocksRequest(writer, r,
|
||||
args.BucketName, objectName, startOffset, length, info, false)
|
||||
if err != nil {
|
||||
writeWebErrorResponse(w, err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
httpWriter := ioutil.WriteOnClose(writer)
|
||||
|
||||
// Write object content to response body
|
||||
|
Loading…
Reference in New Issue
Block a user