mirror of
https://github.com/minio/minio.git
synced 2025-01-25 21:53:16 -05:00
fix content-sha256 verification for presigned PUT (#5137)
It is possible that x-amz-content-sha256 is set through the query params in case of presigned PUT calls, make sure that we validate the incoming x-amz-content-sha256 properly. Current code simply just allows this without honoring the set x-amz-content-sha256, fix it.
This commit is contained in:
parent
dcdb07433a
commit
719f8c258a
@ -569,7 +569,7 @@ func (api objectAPIHandlers) PutObjectHandler(w http.ResponseWriter, r *http.Req
|
||||
return
|
||||
}
|
||||
if !skipContentSha256Cksum(r) {
|
||||
sha256hex = r.Header.Get("X-Amz-Content-Sha256")
|
||||
sha256hex = getContentSha256Cksum(r)
|
||||
}
|
||||
}
|
||||
|
||||
@ -866,7 +866,7 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http
|
||||
}
|
||||
|
||||
if !skipContentSha256Cksum(r) {
|
||||
sha256hex = r.Header.Get("X-Amz-Content-Sha256")
|
||||
sha256hex = getContentSha256Cksum(r)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -289,7 +289,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
|
||||
/// Verify finally if signature is same.
|
||||
|
||||
// Get canonical request.
|
||||
presignedCanonicalReq := getCanonicalRequest(extractedSignedHeaders, hashedPayload, encodedQuery, req.URL.Path, req.Method)
|
||||
presignedCanonicalReq := getCanonicalRequest(extractedSignedHeaders, unsignedPayload, encodedQuery, req.URL.Path, req.Method)
|
||||
|
||||
// Get string to sign from canonical request.
|
||||
presignedStringToSign := getStringToSign(presignedCanonicalReq, t, pSignValues.Credential.getScope())
|
||||
|
Loading…
x
Reference in New Issue
Block a user