Bug 1914: Failure when using S3/AWS access ID or region longer than 3…

…2 characters https://winscp.net/tracker/1914 (cherry picked from commit 7d5ac75) Source commit: 954bc29c9bf32cdb42434e063e601a4e0ba4c7e5
winscp · Oct 22, 2020 · e9ec882 · e9ec882
1 parent a9f5137
commit e9ec882
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 5 deletions.
diff --git a/libs/libs3/inc/libs3.h b/libs/libs3/inc/libs3.h
@@ -246,6 +246,11 @@ extern "C" {
  */
 #define S3_DEFAULT_REGION                  "us-east-1"
 
+// WINSCP
+// according to https://docs.aws.amazon.com/IAM/latest/APIReference/API_AccessKey.html max length is nowadays 128
+#define S3_MAX_ACCESS_KEY_ID_LENGTH 128
+#define S3_MAX_REGION_LENGTH 32
+
 
 /** **************************************************************************
  * Enumerations

diff --git a/libs/libs3/inc/util.h b/libs/libs3/inc/util.h
@@ -71,13 +71,12 @@
 #define MAX_CANONICALIZED_RESOURCE_SIZE \
     (1 + 255 + 1 + MAX_URLENCODED_KEY_SIZE + (sizeof("?torrent") - 1) + 1)
 
-// according to https://docs.aws.amazon.com/IAM/latest/APIReference/API_AccessKey.html max length is nowadays 128
-#define MAX_ACCESS_KEY_ID_LENGTH 128
+#define MAX_ACCESS_KEY_ID_LENGTH S3_MAX_ACCESS_KEY_ID_LENGTH
 
 // Maximum length of a credential string
 // <access key>/<yyyymmdd>/<region>/s3/aws4_request
 #define MAX_CREDENTIAL_SIZE \
-   (MAX_ACCESS_KEY_ID_LENGTH + 1) + 8 + 1 + 32 + sizeof("/s3/aws4_request")
+   (MAX_ACCESS_KEY_ID_LENGTH + 1) + 8 + 1 + S3_MAX_REGION_LENGTH + sizeof("/s3/aws4_request")
 
 // Utilities -----------------------------------------------------------------
 

diff --git a/source/core/S3FileSystem.cpp b/source/core/S3FileSystem.cpp
@@ -100,6 +100,10 @@ void __fastcall TS3FileSystem::Open()
     }
   }
   FAccessKeyId = UTF8String(AccessKeyId);
+  if (FAccessKeyId.Length() > MAX_ACCESS_KEY_ID_LENGTH)
+  {
+    FAccessKeyId.SetLength(MAX_ACCESS_KEY_ID_LENGTH);
+  }
 
   UnicodeString SecretAccessKey = UTF8String(NormalizeString(Data->Password));
   if (SecretAccessKey.IsEmpty() && !FTerminal->SessionData->FingerprintScan)
@@ -517,6 +521,10 @@ TLibS3BucketContext TS3FileSystem::GetBucketContext(const UnicodeString & Bucket
     Result.secretAccessKey = FSecretAccessKey.c_str();
     Result.securityToken = NULL;
     Result.AuthRegionBuf = UTF8String(Region);
+    if (Result.AuthRegionBuf.Length() > S3_MAX_REGION_LENGTH)
+    {
+      Result.AuthRegionBuf.SetLength(S3_MAX_REGION_LENGTH);
+    }
     Result.authRegion = Result.AuthRegionBuf.c_str();
 
     if (Retry)

diff --git a/source/forms/Login.dfm b/source/forms/Login.dfm
@@ -191,7 +191,7 @@ object LoginDialog: TLoginDialog
           Top = 139
           Width = 159
           Height = 21
-          MaxLength = 100
+          MaxLength = 128
           TabOrder = 7
           Text = 'UserNameEdit'
           OnChange = DataChange

diff --git a/source/forms/SiteAdvanced.dfm b/source/forms/SiteAdvanced.dfm
@@ -1021,7 +1021,7 @@ object SiteAdvancedDialog: TSiteAdvancedDialog
             Width = 213
             Height = 21
             Anchors = [akLeft, akTop, akRight]
-            MaxLength = 100
+            MaxLength = 32
             TabOrder = 0
             Text = 'S3DefaultRegionCombo'
             OnChange = DataChange