From 18ced1102cd19c5d2a71e8bd1baea54986baec72 Mon Sep 17 00:00:00 2001
From: Bala FA
Date: Tue, 4 Dec 2018 01:31:28 +0530
Subject: [PATCH] handle post policy only if it is set. (#6852)
Previously policy in post form is assumed to be set always. This is fixed by doing the check when policy is set.
---
 cmd/bucket-handlers.go | 43 ++++++++++++++++++++++--------------------
 1 file changed, 23 insertions(+), 20 deletions(-)
diff --git a/cmd/bucket-handlers.go b/cmd/bucket-handlers.go
index addc5cf30..ff751e3b6 100644
--- a/cmd/bucket-handlers.go
+++ b/cmd/bucket-handlers.go
@@ -572,31 +572,34 @@ func (api objectAPIHandlers) PostPolicyBucketHandler(w http.ResponseWriter, r *h
 return
 }
- postPolicyForm, err := parsePostPolicyForm(string(policyBytes))
- if err != nil {
- writeErrorResponse(w, ErrMalformedPOSTRequest, r.URL, guessIsBrowserReq(r))
- return
- }
-
- // Make sure formValues adhere to policy restrictions.
- if apiErr = checkPostPolicy(formValues, postPolicyForm); apiErr != ErrNone {
- writeErrorResponse(w, apiErr, r.URL, guessIsBrowserReq(r))
- return
- }
-
- // Ensure that the object size is within expected range, also the file size
- // should not exceed the maximum single Put size (5 GiB)
- lengthRange := postPolicyForm.Conditions.ContentLengthRange
- if lengthRange.Valid {
- if fileSize < lengthRange.Min {
- writeErrorResponse(w, toAPIErrorCode(ctx, errDataTooSmall), r.URL, guessIsBrowserReq(r))
+ // Handle policy if it is set.
+ if len(policyBytes) > 0 {
+ postPolicyForm, err := parsePostPolicyForm(string(policyBytes))
+ if err != nil {
+ writeErrorResponse(w, ErrMalformedPOSTRequest, r.URL, guessIsBrowserReq(r))
 return
 }
- if fileSize > lengthRange.Max || isMaxObjectSize(fileSize) {
- writeErrorResponse(w, toAPIErrorCode(ctx, errDataTooLarge), r.URL, guessIsBrowserReq(r))
+ // Make sure formValues adhere to policy restrictions.
+ if apiErr = checkPostPolicy(formValues, postPolicyForm); apiErr != ErrNone {
+ writeErrorResponse(w, apiErr, r.URL, guessIsBrowserReq(r))
 return
 }
+
+ // Ensure that the object size is within expected range, also the file size
+ // should not exceed the maximum single Put size (5 GiB)
+ lengthRange := postPolicyForm.Conditions.ContentLengthRange
+ if lengthRange.Valid {
+ if fileSize < lengthRange.Min {
+ writeErrorResponse(w, toAPIErrorCode(ctx, errDataTooSmall), r.URL, guessIsBrowserReq(r))
+ return
+ }
+
+ if fileSize > lengthRange.Max || isMaxObjectSize(fileSize) {
+ writeErrorResponse(w, toAPIErrorCode(ctx, errDataTooLarge), r.URL, guessIsBrowserReq(r))
+ return
+ }
+ }
 }
 // Extract metadata to be saved from received Form.
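Review bot: With the whole block now behind `if len(policyBytes) > 0`, a form that carries no policy skips `checkPostPolicy` and both size checks, including the `isMaxObjectSize(fileSize)` cap that the comment presents as a general limit but which already ran only when `lengthRange.Valid`. I would hoist that cap out of the policy block as its own guard, `if isMaxObjectSize(fileSize) {`, answering with `errDataTooLarge` as the nested branch does, so the single-PUT limit also holds for policy-less uploads (unless it is enforced elsewhere in the handler, which the hunk does not show). The new branch also deserves a comment saying what authorises a request that has no policy, for example `// No policy: only the authentication check earlier in this handler applies; no form conditions are enforced.`, and a test that an upload with an empty policy is still rejected when that check fails. PostPolicyBucketHandler starts and ends outside this hunk, so the authentication step itself is presumed, not visible here.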