Avoid object names with '//' to avoid hash inconsistencies (#8946)

This is to fix a situation where an object name incorrectly
is sent with '//' in its path heirarchy, we should reject
such object names because they may be hashed to a set where
the object might not originally belong because, this can
cause situations where once object is uploaded we cannot
delete it anymore.

Fixes #8873
master
Harshavardhana 5 years ago committed by GitHub
parent 086fbb745e
commit c2c5b09bb1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 4
      buildscripts/gateway-tests.sh
  2. 1
      cmd/object-api-input-checks.go
  3. 5
      cmd/object-api-utils.go
  4. 4
      cmd/object-api-utils_test.go

@ -46,7 +46,9 @@ function main()
gw_pid="$(start_minio_gateway_s3)" gw_pid="$(start_minio_gateway_s3)"
SERVER_ENDPOINT=127.0.0.1:24240 ENABLE_HTTPS=0 ACCESS_KEY=minio \ SERVER_ENDPOINT=127.0.0.1:24240 ENABLE_HTTPS=0 ACCESS_KEY=minio \
SECRET_KEY=minio123 MINT_MODE="full" /mint/entrypoint.sh SECRET_KEY=minio123 MINT_MODE="full" /mint/entrypoint.sh \
awscli aws-sdk-java aws-sdk-ruby mc minio-go minio-js s3cmd \
aws-sdk-go aws-sdk-php healthcheck minio-dotnet minio-py security
rv=$? rv=$?
kill "$sr_pid" kill "$sr_pid"

@ -162,6 +162,7 @@ func checkObjectArgs(ctx context.Context, bucket, object string, obj ObjectLayer
if err := checkObjectNameForLengthAndSlash(bucket, object); err != nil { if err := checkObjectNameForLengthAndSlash(bucket, object); err != nil {
return err return err
} }
// Validates object name validity after bucket exists. // Validates object name validity after bucket exists.
if !IsValidObjectName(object) { if !IsValidObjectName(object) {
return ObjectNameInvalid{ return ObjectNameInvalid{

@ -166,7 +166,10 @@ func IsValidObjectPrefix(object string) bool {
return false return false
} }
// Reject unsupported characters in object name. // Reject unsupported characters in object name.
if strings.ContainsAny(object, "\\") { if strings.ContainsAny(object, `\`) {
return false
}
if strings.Contains(object, `//`) {
return false return false
} }
return true return true

@ -122,7 +122,9 @@ func TestIsValidObjectName(t *testing.T) {
{" ../etc", false}, {" ../etc", false},
{"./././", false}, {"./././", false},
{"./etc", false}, {"./etc", false},
{"contains-\\-backslash", false}, {`contains-\-backslash`, false},
{`contains//double/forwardslash`, false},
{`//contains/double-forwardslash-prefix`, false},
{string([]byte{0xff, 0xfe, 0xfd}), false}, {string([]byte{0xff, 0xfe, 0xfd}), false},
} }

Loading…
Cancel
Save