Don't decrypt ETag in validation when source is SSEC multipart (#7423)

Copying an encrypted SSEC object when this latter is uploaded using multipart mechanism was failing because ETag in case of encrypted multipart upload is not encrypted. This PR fixes the behavior.
6 years ago · 8689ec258b
parent aac9e2a7dd
commit 8689ec258b
1 changed files with 4 additions and 3 deletions
--- a/cmd/object-handlers-common.go
+++ b/cmd/object-handlers-common.go
@ -98,13 +98,14 @@ func checkCopyObjectPreconditions(ctx context.Context, w http.ResponseWriter, r
 		}
 	}

-	ssec := crypto.SSECopy.IsRequested(r.Header)
+	shouldDecryptEtag := crypto.SSECopy.IsRequested(r.Header) && !crypto.IsMultiPart(objInfo.UserDefined)
+
 	// x-amz-copy-source-if-match : Return the object only if its entity tag (ETag) is the
 	// same as the one specified; otherwise return a 412 (precondition failed).
 	ifMatchETagHeader := r.Header.Get("x-amz-copy-source-if-match")
 	if ifMatchETagHeader != "" {
 		etag := objInfo.ETag
-		if ssec {
+		if shouldDecryptEtag {
 			etag = encETag[len(encETag)-32:]
 		}
 		if objInfo.ETag != "" && !isETagEqual(etag, ifMatchETagHeader) {
@ -120,7 +121,7 @@ func checkCopyObjectPreconditions(ctx context.Context, w http.ResponseWriter, r
 	ifNoneMatchETagHeader := r.Header.Get("x-amz-copy-source-if-none-match")
 	if ifNoneMatchETagHeader != "" {
 		etag := objInfo.ETag
-		if ssec {
+		if shouldDecryptEtag {
 			etag = encETag[len(encETag)-32:]
 		}
 		if objInfo.ETag != "" && isETagEqual(etag, ifNoneMatchETagHeader) {