From 84b121bbe141d1c250cd22c075b9eb4fc9abd4cc Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Thu, 3 Feb 2022 16:58:27 -0800 Subject: [PATCH] return error with empty x-amz-copy-source-range headers (#14249) fixes #14246 --- cmd/object-handlers.go | 7 +++++++ cmd/object-handlers_test.go | 17 ++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/cmd/object-handlers.go b/cmd/object-handlers.go index 484962f14..1efa2db20 100644 --- a/cmd/object-handlers.go +++ b/cmd/object-handlers.go @@ -2418,6 +2418,13 @@ func (api objectAPIHandlers) CopyObjectPartHandler(w http.ResponseWriter, r *htt var parseRangeErr error if rangeHeader := r.Header.Get(xhttp.AmzCopySourceRange); rangeHeader != "" { rs, parseRangeErr = parseCopyPartRangeSpec(rangeHeader) + } else { + // This check is to see if client specified a header but the value + // is empty for 'x-amz-copy-source-range' + _, ok := r.Header[xhttp.AmzCopySourceRange] + if ok { + parseRangeErr = errInvalidRange + } } checkCopyPartPrecondFn := func(o ObjectInfo) bool { diff --git a/cmd/object-handlers_test.go b/cmd/object-handlers_test.go index a7029f49c..44fbf2544 100644 --- a/cmd/object-handlers_test.go +++ b/cmd/object-handlers_test.go @@ -1897,6 +1897,17 @@ func testAPICopyObjectPartHandler(obj ObjectLayer, instanceType, bucketName stri secretKey: credentials.SecretKey, expectedRespStatus: http.StatusNotFound, }, + // Test case - 16, Test case with ivalid byte range empty value. + { + bucketName: bucketName, + uploadID: uploadID, + copySourceHeader: url.QueryEscape(SlashSeparator + bucketName + SlashSeparator + objectName), + copySourceRange: "empty", + accessKey: credentials.AccessKey, + secretKey: credentials.SecretKey, + + expectedRespStatus: http.StatusBadRequest, + }, } for i, testCase := range testCases { @@ -1920,7 +1931,11 @@ func testAPICopyObjectPartHandler(obj ObjectLayer, instanceType, bucketName stri req.Header.Set("X-Amz-Copy-Source", testCase.copySourceHeader) } if testCase.copySourceRange != "" { - req.Header.Set("X-Amz-Copy-Source-Range", testCase.copySourceRange) + if testCase.copySourceRange == "empty" { + req.Header.Set("X-Amz-Copy-Source-Range", "") // specifically test for S3 errors in this scenario. + } else { + req.Header.Set("X-Amz-Copy-Source-Range", testCase.copySourceRange) + } } // Since `apiRouter` satisfies `http.Handler` it has a ServeHTTP to execute the logic of the handler.