aarifullin
/
frostfs-api-go
forked from TrueCloudLab/frostfs-api-go
1
0
Fork 0
Code Pull Requests Activity

[#323] pkg/client: Prevent corruption of parameterized session token 

Create new `SessionTokenBody` instead of using one from the parameter in
order to prevent data corruption.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
support/v2.15
Leonard Lyubich 2021-07-06 11:18:25 +03:00 committed by Leonard Lyubich
parent ab60f3685b
commit 2f783dfad7
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/client/object.go
View File

@ -1302,7 +1302,6 @@ func (c *clientImpl) attachV2SessionToken(opts *callOptions, hdr *v2session.Requ
}
token := new(v2session.SessionToken)
token.SetBody(opts.session.ToV2().GetBody())
opCtx := new(v2session.ObjectSessionContext)
opCtx.SetAddress(info.addr)
@ -1313,7 +1312,9 @@ func (c *clientImpl) attachV2SessionToken(opts *callOptions, hdr *v2session.Requ
lt.SetNbf(info.nbf)
lt.SetExp(info.exp)
body := token.GetBody()
body := new(v2session.SessionTokenBody)
body.SetID(opts.session.ID())
body.SetOwnerID(opts.session.OwnerID().ToV2())
body.SetSessionKey(opts.session.SessionKey())
body.SetContext(opCtx)
body.SetLifetime(lt)