Return ErrContentSHA256Mismatch when sha256sum is invalid (#5188)

master
Krishnan Parthasarathi 7 years ago committed by Dee Koder
parent 67f66c40c1
commit 2a0a62b78d
  1. 2
      cmd/signature-v4.go
  2. 8
      pkg/hash/reader.go
  3. 29
      pkg/hash/reader_test.go

@ -289,7 +289,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
/// Verify finally if signature is same.
// Get canonical request.
presignedCanonicalReq := getCanonicalRequest(extractedSignedHeaders, unsignedPayload, encodedQuery, req.URL.Path, req.Method)
presignedCanonicalReq := getCanonicalRequest(extractedSignedHeaders, hashedPayload, encodedQuery, req.URL.Path, req.Method)
// Get string to sign from canonical request.
presignedStringToSign := getStringToSign(presignedCanonicalReq, t, pSignValues.Credential.getScope())

@ -26,6 +26,8 @@ import (
"io"
)
var errNestedReader = errors.New("Nesting of Reader detected, not allowed")
// Reader writes what it reads from an io.Reader to an MD5 and SHA256 hash.Hash.
// Reader verifies that the content of the io.Reader matches the expected checksums.
type Reader struct {
@ -40,17 +42,17 @@ type Reader struct {
// SHA256 sum (if set) of the provided io.Reader at EOF.
func NewReader(src io.Reader, size int64, md5Hex, sha256Hex string) (*Reader, error) {
if _, ok := src.(*Reader); ok {
return nil, errors.New("Nesting of Reader detected, not allowed")
return nil, errNestedReader
}
sha256sum, err := hex.DecodeString(sha256Hex)
if err != nil {
return nil, err
return nil, SHA256Mismatch{}
}
md5sum, err := hex.DecodeString(md5Hex)
if err != nil {
return nil, err
return nil, BadDigest{}
}
var sha256Hash hash.Hash

@ -114,26 +114,30 @@ func TestHashReaderInvalidArguments(t *testing.T) {
size int64
md5hex, sha256hex string
success bool
expectedErr error
}{
// Invalid md5sum NewReader() will fail.
{
src: bytes.NewReader([]byte("abcd")),
size: 4,
md5hex: "invalid-md5",
success: false,
src: bytes.NewReader([]byte("abcd")),
size: 4,
md5hex: "invalid-md5",
success: false,
expectedErr: BadDigest{},
},
// Invalid sha256 NewReader() will fail.
{
src: bytes.NewReader([]byte("abcd")),
size: 4,
sha256hex: "invalid-sha256",
success: false,
src: bytes.NewReader([]byte("abcd")),
size: 4,
sha256hex: "invalid-sha256",
success: false,
expectedErr: SHA256Mismatch{},
},
// Nested hash reader NewReader() will fail.
{
src: &Reader{src: bytes.NewReader([]byte("abcd"))},
size: 4,
success: false,
src: &Reader{src: bytes.NewReader([]byte("abcd"))},
size: 4,
success: false,
expectedErr: errNestedReader,
},
// Expected inputs, NewReader() will succeed.
{
@ -151,5 +155,8 @@ func TestHashReaderInvalidArguments(t *testing.T) {
if err == nil && !testCase.success {
t.Errorf("Test %d: Expected error, but got success", i+1)
}
if err != testCase.expectedErr {
t.Errorf("Test %d: Expected error %v, but got %v", i+1, testCase.expectedErr, err)
}
}
}

Loading…
Cancel
Save