Skip to content

Commit

Permalink
Fix: verify client sent md5sum in encrypted PutObjectPart request (#6668
Browse files Browse the repository at this point in the history 
)

This PR also removes check for SSE-S3 headers as this
is not required by S3 specification.
  • Loading branch information
@poornas @kannappanr
poornas authored and kannappanr committed Oct 18, 2018
1 parent b43e833 commit 7e0f1eb
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions cmd/object-handlers.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1755,6 +1755,7 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http
}
}

isEncrypted := false
if objectAPI.IsEncryptionSupported() && !isCompressed {
var li ListPartsInfo
li, err = objectAPI.ListObjectParts(ctx, bucket, object, uploadID, 0, 1)
Expand All @@ -1763,7 +1764,8 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http
return
}
if crypto.IsEncrypted(li.UserDefined) {
if !hasServerSideEncryptionHeader(r.Header) {
isEncrypted = true
if !crypto.SSEC.IsRequested(r.Header) && crypto.SSEC.IsEncrypted(li.UserDefined) {
writeErrorResponse(w, ErrSSEMultipartEncrypted, r.URL)
return
}
Expand Down Expand Up @@ -1791,7 +1793,7 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http
mac.Write(partIDbin[:])
partEncryptionKey := mac.Sum(nil)

reader, err = sio.EncryptReader(reader, sio.Config{Key: partEncryptionKey})
reader, err = sio.EncryptReader(hashReader, sio.Config{Key: partEncryptionKey})
if err != nil {
writeErrorResponse(w, toAPIErrorCode(err), r.URL)
return
Expand All @@ -1807,7 +1809,7 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http
}

putObjectPart := objectAPI.PutObjectPart
if api.CacheAPI() != nil && !hasServerSideEncryptionHeader(r.Header) {
if api.CacheAPI() != nil && !isEncrypted {
putObjectPart = api.CacheAPI().PutObjectPart
}
partInfo, err := putObjectPart(ctx, bucket, object, uploadID, partID, hashReader, opts)
Expand Down

0 comments on commit 7e0f1eb

Please sign in to comment.