Fix: Validate copy-part encryption header and metadata (#6725)

Otherwise CopyObjectPart would continue to upload part with incorrect encryption option and fail when upload is finalized
6 years ago · 1c911c5f40
parent bd8dc17b7a
commit 1c911c5f40
1 changed files with 4 additions and 0 deletions
--- a/cmd/object-handlers.go
+++ b/cmd/object-handlers.go
@ -1535,6 +1535,10 @@ func (api objectAPIHandlers) CopyObjectPartHandler(w http.ResponseWriter, r *htt
 				writeErrorResponse(w, ErrSSEMultipartEncrypted, r.URL)
 				return
 			}
+			if crypto.S3.IsEncrypted(li.UserDefined) && crypto.SSEC.IsRequested(r.Header) {
+				writeErrorResponse(w, ErrSSEMultipartEncrypted, r.URL)
+				return
+			}
 			var key []byte
 			if crypto.SSEC.IsRequested(r.Header) {
 				key, err = ParseSSECustomerRequest(r)