fix DoS vulnerability in the content SHA-256 processing (#8026)

This commit fixes a DoS issue that is caused by an incorrect SHA-256 content verification during STS requests. Before that fix clients could write arbitrary many bytes to the server memory. This commit fixes this by limiting the request body size.
minio · Aug 5, 2019 · f6d0645 · f6d0645
1 parent 414a7ec
commit f6d0645
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/cmd/signature-v4-utils.go b/cmd/signature-v4-utils.go
@@ -21,6 +21,7 @@ import (
 	"context"
 	"crypto/hmac"
 	"encoding/hex"
+	"io"
 	"io/ioutil"
 	"net/http"
 	"strconv"
@@ -61,7 +62,7 @@ func skipContentSha256Cksum(r *http.Request) bool {
 // Returns SHA256 for calculating canonical-request.
 func getContentSha256Cksum(r *http.Request, stype serviceType) string {
 	if stype == serviceSTS {
-		payload, err := ioutil.ReadAll(r.Body)
+		payload, err := ioutil.ReadAll(io.LimitReader(r.Body, stsRequestBodyLimit))
 		if err != nil {
 			logger.CriticalIf(context.Background(), err)
 		}

diff --git a/cmd/sts-handlers.go b/cmd/sts-handlers.go
@@ -40,6 +40,8 @@ const (
 	clientGrants = "AssumeRoleWithClientGrants"
 	webIdentity  = "AssumeRoleWithWebIdentity"
 	assumeRole   = "AssumeRole"
+
+	stsRequestBodyLimit = 10 * (1 << 20) // 10 MiB
 )
 
 // stsAPIHandlers implements and provides http handlers for AWS STS API.