From 1c911c5f40431cd27b3970a5a9f222d797ad05df Mon Sep 17 00:00:00 2001
From: poornas <poornas@users.noreply.github.com>
Date: Mon, 29 Oct 2018 06:40:34 -0700
Subject: [PATCH] Fix: Validate copy-part encryption header and metadata
 (#6725)

Otherwise CopyObjectPart would continue to upload part with incorrect
encryption option and fail when upload is finalized
---
 cmd/object-handlers.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cmd/object-handlers.go b/cmd/object-handlers.go
index 36359e786..92f2b406c 100644
--- a/cmd/object-handlers.go
+++ b/cmd/object-handlers.go
@@ -1535,6 +1535,10 @@ func (api objectAPIHandlers) CopyObjectPartHandler(w http.ResponseWriter, r *htt
 				writeErrorResponse(w, ErrSSEMultipartEncrypted, r.URL)
 				return
 			}
+			if crypto.S3.IsEncrypted(li.UserDefined) && crypto.SSEC.IsRequested(r.Header) {
+				writeErrorResponse(w, ErrSSEMultipartEncrypted, r.URL)
+				return
+			}
 			var key []byte
 			if crypto.SSEC.IsRequested(r.Header) {
 				key, err = ParseSSECustomerRequest(r)