fix `DownloadZIP` for encrypted objects (#8159)

This commit fixes the web ZIP download handler for encrypted objects. The decryption logic has moved into `getObjectNInfo`. So trying to decrypt the (already decrypted) content again in the ZIP handler obviously causes an error. This commit fixes this by removing the decryption logic from the the handler. Fixes #7965
5 years ago · 6b2ed0fc47
parent 0cd0f6c255
commit 6b2ed0fc47
1 changed files with 1 additions and 28 deletions
--- a/cmd/web-handlers.go
+++ b/cmd/web-handlers.go
@ -1316,17 +1316,6 @@ func (web *webAPIHandlers) DownloadZip(w http.ResponseWriter, r *http.Request) {
 			info := gr.ObjInfo
 			length = info.Size
 			if objectAPI.IsEncryptionSupported() {
 				if _, err = DecryptObjectInfo(&info, r.Header); err != nil {
 					writeWebErrorResponse(w, err)
 					return err
 				}
 				if crypto.IsEncrypted(info.UserDefined) {
 					length, _ = info.DecryptedSize()
 				}
 			}
 			length = info.Size
 			var actualSize int64
 			if info.IsCompressed() {
 				// Read the decompressed size from the meta.json.
@ -1345,21 +1334,16 @@ func (web *webAPIHandlers) DownloadZip(w http.ResponseWriter, r *http.Request) {
 				writeWebErrorResponse(w, errUnexpected)
 				return err
 			}
 			var startOffset int64
 			var writer io.Writer
 			if info.IsCompressed() {
 				// The decompress metrics are set.
 				snappyStartOffset := 0
 				snappyLength := actualSize
 				// Open a pipe for compression
 				// Where compressWriter is actually passed to the getObject
 				decompressReader, compressWriter := io.Pipe()
 				snappyReader := snappy.NewReader(decompressReader)
 				// The limit is set to the actual size.
-				responseWriter := ioutil.LimitedWriter(zipWriter, int64(snappyStartOffset), snappyLength)
+				responseWriter := ioutil.LimitedWriter(zipWriter, 0, actualSize)
 				wg.Add(1) //For closures.
 				go func() {
 					defer wg.Done()
@ -1374,17 +1358,6 @@ func (web *webAPIHandlers) DownloadZip(w http.ResponseWriter, r *http.Request) {
 			} else {
 				writer = zipWriter
 			}
 			if objectAPI.IsEncryptionSupported() && crypto.S3.IsEncrypted(info.UserDefined) {
 				// Response writer should be limited early on for decryption upto required length,
 				// additionally also skipping mod(offset)64KiB boundaries.
 				writer = ioutil.LimitedWriter(writer, startOffset%(64*1024), length)
 				writer, _, length, err = DecryptBlocksRequest(writer, r,
 					args.BucketName, objectName, startOffset, length, info, false)
 				if err != nil {
 					writeWebErrorResponse(w, err)
 					return err
 				}
 			}
 			httpWriter := ioutil.WriteOnClose(writer)
 			// Write object content to response body