MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-20 18:44:21 -04:00
Code Issues Packages Projects Releases Wiki Activity

signature-v2: encode path and query strings when calculating signature (#3253)

Browse Source
This commit is contained in:
Anis Elleuch 2016-11-14 19:23:21 +01:00 committed by Harshavardhana
parent f234c35020
commit b8f0d9352f
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cmd/signature-v2.go
View File

@ -191,17 +191,20 @@ func doesSignV2Match(r *http.Request) APIErrorCode {
return apiError return apiError
} }
// Encode path:
// url.RawPath will be valid if path has any encoded characters, if not it will // url.RawPath will be valid if path has any encoded characters, if not it will
// be empty - in which case we need to consider url.Path (bug in net/http?) // be empty - in which case we need to consider url.Path (bug in net/http?)
encodedResource := r.URL.RawPath encodedResource := r.URL.RawPath
encodedQuery := r.URL.RawQuery
if encodedResource == "" { if encodedResource == "" {
splits := strings.Split(r.URL.Path, "?") splits := strings.Split(r.URL.Path, "?")
if len(splits) > 0 { if len(splits) > 0 {
encodedResource = splits[0] encodedResource = getURLEncodedName(splits[0])
} }
} }
// Encode query strings
encodedQuery := r.URL.Query().Encode()
expectedAuth := signatureV2(r.Method, encodedResource, encodedQuery, r.Header) expectedAuth := signatureV2(r.Method, encodedResource, encodedQuery, r.Header)
if v2Auth != expectedAuth { if v2Auth != expectedAuth {
return ErrSignatureDoesNotMatch return ErrSignatureDoesNotMatch

4
cmd/test-utils_test.go
View File

@ -950,13 +950,13 @@ func signRequestV2(req *http.Request, accessKey, secretKey string) error {
// url.RawPath will be valid if path has any encoded characters, if not it will // url.RawPath will be valid if path has any encoded characters, if not it will
// be empty - in which case we need to consider url.Path (bug in net/http?) // be empty - in which case we need to consider url.Path (bug in net/http?)
encodedResource := req.URL.RawPath encodedResource := req.URL.RawPath
encodedQuery := req.URL.RawQuery
if encodedResource == "" { if encodedResource == "" {
splits := strings.Split(req.URL.Path, "?") splits := strings.Split(req.URL.Path, "?")
if len(splits) > 0 { if len(splits) > 0 {
encodedResource = splits[0] encodedResource = getURLEncodedName(splits[0])
} }
} }
encodedQuery := req.URL.Query().Encode()
// Calculate HMAC for secretAccessKey. // Calculate HMAC for secretAccessKey.
stringToSign := signV2STS(req.Method, encodedResource, encodedQuery, req.Header) stringToSign := signV2STS(req.Method, encodedResource, encodedQuery, req.Header)