minio/pkg/hash
Andreas Auernhammer 9c8b7306f5 security: fix write-to-RAM DoS vulnerability (#5957)
This commit fixes a DoS vulnerability for certain APIs using
signature V4 by verifying the content-md5 and/or content-sha56 of
the request body in a streaming mode.

The issue was caused by reading the entire body of the request into
memory to verify the content-md5 or content-sha56 checksum if present.

The vulnerability could be exploited by either replaying a V4 request
(in the 15 min time frame) or sending a V4 presigned request with a
large body.
2018-05-18 11:27:25 -07:00
..
errors.go Simplify data verification with HashReader. (#5071) 2017-10-22 11:00:34 +05:30
reader_test.go Add base64 encoded MD5 output for Hash Reader (#5315) 2017-12-21 17:27:33 -08:00
reader.go security: fix write-to-RAM DoS vulnerability (#5957) 2018-05-18 11:27:25 -07:00