mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
9c8b7306f5
This commit fixes a DoS vulnerability for certain APIs using signature V4 by verifying the content-md5 and/or content-sha56 of the request body in a streaming mode. The issue was caused by reading the entire body of the request into memory to verify the content-md5 or content-sha56 checksum if present. The vulnerability could be exploited by either replaying a V4 request (in the 15 min time frame) or sending a V4 presigned request with a large body. |
||
---|---|---|
.. | ||
errors.go | ||
reader_test.go | ||
reader.go |