MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-07 12:52:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

Check for s3zip content offset (#15924)

Browse Source
This commit is contained in:
Klaus Post
2022-10-22 00:37:48 +02:00
committed by GitHub
parent e4e90b53c1
commit 86d543d0f6
2 changed files with 31 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
cmd/s3-zip-handlers.go
View File

@@ -29,6 +29,7 @@ import (
"strings"
"github.com/minio/minio/internal/crypto"
xhttp "github.com/minio/minio/internal/http"
xioutil "github.com/minio/minio/internal/ioutil"
"github.com/minio/minio/internal/logger"
"github.com/minio/pkg/bucket/policy"
@@ -122,6 +123,17 @@ func (api objectAPIHandlers) getObjectInArchiveFileHandler(ctx context.Context,
return
}
// We do not allow offsetting into extracted files.
if opts.PartNumber != 0 {
writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidPartNumber), r.URL)
return
}
if r.Header.Get(xhttp.Range) != "" {
writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidRange), r.URL)
return
}
// Validate pre-conditions if any.
opts.CheckPrecondFn = func(oi ObjectInfo) bool {
if objectAPI.IsEncryptionSupported() {
@@ -192,6 +204,8 @@ func (api objectAPIHandlers) getObjectInArchiveFileHandler(ctx context.Context,
writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
return
}
// s3zip does not allow ranges
w.Header().Del(xhttp.AcceptRanges)
setHeadGetRespHeaders(w, r.Form)
@@ -410,13 +424,22 @@ func (api objectAPIHandlers) headObjectInArchiveFileHandler(ctx context.Context,
return
}
var rs *HTTPRangeSpec
// Validate pre-conditions if any.
opts.CheckPrecondFn = func(oi ObjectInfo) bool {
return checkPreconditions(ctx, w, r, oi, opts)
}
// We do not allow offsetting into extracted files.
if opts.PartNumber != 0 {
writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidPartNumber), r.URL)
return
}
if r.Header.Get(xhttp.Range) != "" {
writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidRange), r.URL)
return
}
zipObjInfo, err := getObjectInfo(ctx, bucket, zipPath, opts)
if err != nil {
writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
@@ -455,15 +478,14 @@ func (api objectAPIHandlers) headObjectInArchiveFileHandler(ctx context.Context,
return
}
// s3zip does not allow ranges.
w.Header().Del(xhttp.AcceptRanges)
// Set any additional requested response headers.
setHeadGetRespHeaders(w, r.Form)
// Successful response.
if rs != nil {
w.WriteHeader(http.StatusPartialContent)
} else {
w.WriteHeader(http.StatusOK)
}
w.WriteHeader(http.StatusOK)
}
// Update the passed zip object metadata with the zip contents info, file name, modtime, size, etc..