From 52d8f564bfb8fb8cda4953e0051fb196718524b7 Mon Sep 17 00:00:00 2001
From: Anis Elleuch <vadmeste@gmail.com>
Date: Tue, 4 Apr 2017 01:55:14 +0100
Subject: [PATCH] sigv2: Unespace canonicalized resources values (#4034)

Values of canonicalized query resources should be unescaped before calculating
the signature. This bug is not noticed before because partNumber and uploadID
values in Minio doesn't have characters that need to be escaped.
---
 cmd/signature-v2.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/cmd/signature-v2.go b/cmd/signature-v2.go
index 64dbc7181..3549fcfeb 100644
--- a/cmd/signature-v2.go
+++ b/cmd/signature-v2.go
@@ -282,7 +282,13 @@ func canonicalizedResourceV2(encodedPath string, encodedQuery string) string {
 			canonicalQueries = append(canonicalQueries, key)
 			continue
 		}
-		canonicalQueries = append(canonicalQueries, key+"="+val)
+		// Resources values should be unescaped
+		unescapedVal, err := url.QueryUnescape(val)
+		if err != nil {
+			errorIf(err, "Unable to unescape query value (query = `%s`, value = `%s`)", key, val)
+			continue
+		}
+		canonicalQueries = append(canonicalQueries, key+"="+unescapedVal)
 	}
 	if len(canonicalQueries) == 0 {
 		return encodedPath