forked from TrueCloudLab/frostfs-s3-gw
[#318] Fix panic on invalid multipart form
Previously, simple 'curl -X POST http://localhost:8084/test' leads to panic because of wrong handle matching Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
parent
7b86bac6ee
commit
937367caaf
1 changed files with 12 additions and 1 deletions
|
|
@ -7,6 +7,7 @@ import (
|
|||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"encoding/xml"
|
||||
stderrors "errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
|
|
@ -628,11 +629,21 @@ func checkPostPolicy(r *http.Request, reqInfo *middleware.ReqInfo, metadata map[
|
|||
policy.empty = false
|
||||
}
|
||||
|
||||
if r.MultipartForm == nil {
|
||||
return nil, stderrors.New("empty multipart form")
|
||||
}
|
||||
|
||||
for key, v := range r.MultipartForm.Value {
|
||||
value := v[0]
|
||||
if key == "file" || key == "policy" || key == "x-amz-signature" || strings.HasPrefix(key, "x-ignore-") {
|
||||
continue
|
||||
}
|
||||
|
||||
if len(v) != 1 {
|
||||
return nil, fmt.Errorf("empty multipart value for key '%s'", key)
|
||||
}
|
||||
|
||||
value := v[0]
|
||||
|
||||
if err := policy.CheckField(key, value); err != nil {
|
||||
return nil, fmt.Errorf("'%s' form field doesn't match the policy: %w", key, err)
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue