From 350eecfa1325c857590976b3f2d8c17404293eab Mon Sep 17 00:00:00 2001 From: Pavel Karpy Date: Thu, 24 Nov 2022 17:28:50 +0300 Subject: [PATCH] [#2095] node: Do not allow `GETRANGE` requests with zero length Signed-off-by: Pavel Karpy --- pkg/services/object/get/prm.go | 25 +++++++++++++++++++++++++ pkg/services/object/get/v2/util.go | 5 +++++ 2 files changed, 30 insertions(+) diff --git a/pkg/services/object/get/prm.go b/pkg/services/object/get/prm.go index 55f8b0bb..6f737c71 100644 --- a/pkg/services/object/get/prm.go +++ b/pkg/services/object/get/prm.go @@ -1,6 +1,7 @@ package getsvc import ( + "errors" "hash" coreclient "github.com/TrueCloudLab/frostfs-node/pkg/core/client" @@ -21,6 +22,30 @@ type RangePrm struct { rng *object.Range } +var ( + errRangeZeroLength = errors.New("zero range length") + errRangeOverflow = errors.New("range overflow") +) + +// Validate pre-validates `OBJECTRANGE` request's parameters content +// without access to the requested object's payload. +func (p RangePrm) Validate() error { + if p.rng != nil { + off := p.rng.GetOffset() + l := p.rng.GetLength() + + if l == 0 { + return errRangeZeroLength + } + + if off+l <= off { + return errRangeOverflow + } + } + + return nil +} + // RangeHashPrm groups parameters of GetRange service call. type RangeHashPrm struct { commonPrm diff --git a/pkg/services/object/get/v2/util.go b/pkg/services/object/get/v2/util.go index df0fd14d..b2513cfe 100644 --- a/pkg/services/object/get/v2/util.go +++ b/pkg/services/object/get/v2/util.go @@ -229,6 +229,11 @@ func (s *Service) toRangePrm(req *objectV2.GetRangeRequest, stream objectSvc.Get p.SetChunkWriter(streamWrapper) p.SetRange(object.NewRangeFromV2(body.GetRange())) + err = p.Validate() + if err != nil { + return nil, fmt.Errorf("request params validation: %w", err) + } + if !commonPrm.LocalOnly() { var onceResign sync.Once var globalProgress int