Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v4.Signer.Presign does the wrong thing when expiration is 0 #1617

Closed
echlebek opened this issue Oct 27, 2017 · 1 comment
Closed

v4.Signer.Presign does the wrong thing when expiration is 0 #1617

echlebek opened this issue Oct 27, 2017 · 1 comment
Labels
bug This issue is a bug. investigating This issue is being investigated and/or work is in progress to resolve the issue.

Comments

@echlebek
Copy link

echlebek commented Oct 27, 2017
edited

Version of AWS SDK for Go?

tip

Version of Go (go version)?

1.9.1

What issue did you see?

When Presign is called with a 0-valued time.Duration for its expiration, it behaves the same as calling Sign, rather than Presign. Presign should panic, return an error, or not use the same helper as Sign.

Steps to reproduce

Call v4.Signer.Presign with 0 for the expiration parameter. URL parameters will not be generated.
@xibz xibz added the bug This issue is a bug. label Oct 30, 2017
@xibz
Copy link
Contributor

xibz commented Oct 30, 2017

Hello @echlebek, thank you for reaching out to us. I have gone ahead and marked this as a bug, and the correct solution should be to return an error rather than a panic.

@jasdel jasdel added the investigating This issue is being investigated and/or work is in progress to resolve the issue. label Nov 1, 2017
jasdel added a commit to jasdel/aws-sdk-go that referenced this issue Nov 1, 2017
@jasdel
aws/request: Fix bug in request presign creating invalide URL
f26031a 
Fixes a bug the Request Presign and PresignRequest methods that would
allow a invalid expire duration as input. A expire time of 0 would be
interpreted by the SDK to generate a normal request signature, not a
presigned URL. This caused the returned URL unusable.

Added validation to the presign methods to return an error if the expire
duration is 0 or less.

Even though this is a change in functionality a expire duration less
than 1 is invalid and would not work. http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

Fix aws#1617
@jasdel jasdel mentioned this issue Nov 1, 2017
Merged
jasdel added a commit that referenced this issue Nov 1, 2017
@jasdel
aws/request: Fix bug in request presign creating invalide URL (#1624)
16d93be 
Fixes a bug the Request Presign and PresignRequest methods that would
allow a invalid expire duration as input. A expire time of 0 would be
interpreted by the SDK to generate a normal request signature, not a
presigned URL. This caused the returned URL unusable.

Added validation to the presign methods to return an error if the expire
duration is 0 or less.

Even though this is a change in functionality a expire duration less
than 1 is invalid and would not work. http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

Fix #1617
@awstools awstools mentioned this issue Nov 3, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug. investigating This issue is being investigated and/or work is in progress to resolve the issue.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jasdel @echlebek @xibz