forked from TrueCloudLab/distribution
v2 signer: correctly sort headers
The current code determines the header order for the "string-to-sign" payload by sorting on the concatenation of headers and values, whereas it should only happen on the key. During multipart uploads, since `x-amz-copy-source-range` and `x-amz-copy-source` headers are present, V2 signatures fail to validate since header order is swapped. This patch reverts to the expected behavior. Signed-off-by: Pierre-Yves Ritschard <pyr@spootnik.org>
This commit is contained in:
parent
8234784a1a
commit
775cc6d632
1 changed files with 10 additions and 3 deletions
|
@ -124,6 +124,8 @@ func (v2 *signer) Sign() error {
|
|||
md5, ctype, date, xamz string
|
||||
xamzDate bool
|
||||
sarray []string
|
||||
smap map[string]string
|
||||
sharray []string
|
||||
)
|
||||
|
||||
headers := v2.Request.Header
|
||||
|
@ -136,6 +138,7 @@ func (v2 *signer) Sign() error {
|
|||
v2.Request.Header["Host"] = []string{host}
|
||||
v2.Request.Header["date"] = []string{v2.Time.In(time.UTC).Format(time.RFC1123)}
|
||||
|
||||
smap = make(map[string]string)
|
||||
for k, v := range headers {
|
||||
k = strings.ToLower(k)
|
||||
switch k {
|
||||
|
@ -150,16 +153,20 @@ func (v2 *signer) Sign() error {
|
|||
default:
|
||||
if strings.HasPrefix(k, "x-amz-") {
|
||||
vall := strings.Join(v, ",")
|
||||
sarray = append(sarray, k+":"+vall)
|
||||
smap[k] = k+":"+vall
|
||||
if k == "x-amz-date" {
|
||||
xamzDate = true
|
||||
date = ""
|
||||
}
|
||||
sharray = append(sharray, k)
|
||||
}
|
||||
}
|
||||
}
|
||||
if len(sarray) > 0 {
|
||||
sort.StringSlice(sarray).Sort()
|
||||
if len(sharray) > 0 {
|
||||
sort.StringSlice(sharray).Sort()
|
||||
for _, h := range(sharray) {
|
||||
sarray = append(sarray, smap[h])
|
||||
}
|
||||
xamz = strings.Join(sarray, "\n") + "\n"
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue