Merge pull request #611 from harshavardhana/pr_out_add_missing_validate_access_keys_after_extracted_from_authheader

10 years ago · c63ba4be26
parent 138288f788 e11f9110b6
commit c63ba4be26
2 changed files with 19 additions and 19 deletions
--- a/pkg/api/api_generic_handlers.go
+++ b/pkg/api/api_generic_handlers.go
@ -23,6 +23,7 @@ import (
 	"time"

 	"github.com/minio/minio/pkg/api/config"
+	"github.com/minio/minio/pkg/utils/crypto/keys"
 )

 type contentTypeHandler struct {
@ -78,6 +79,9 @@ func stripAuth(r *http.Request) (*auth, error) {
 	a.signedheaders = strings.Split(signedheaders, "=")[1]
 	a.signature = strings.Split(signature, "=")[1]
 	a.accessKey = strings.Split(a.credential, "/")[0]
+	if !keys.IsValidAccessKey(a.accessKey) {
+		return nil, errors.New("Invalid access key")
+	}
 	return a, nil
 }

--- a/pkg/utils/crypto/keys/common.go
+++ b/pkg/utils/crypto/keys/common.go
@ -16,6 +16,8 @@

 package keys

+import "regexp"
+
 // AccessID and SecretID length in bytes
 const (
 	MinioAccessID = 20
@ -24,26 +26,20 @@ const (

 /// helpers

-// Is alphanumeric?
-func isalnum(c byte) bool {
-	return '0' <= c && c <= '9' || 'A' <= c && c <= 'Z' || 'a' <= c && c <= 'z'
+// IsValidSecretKey - validate secret key
+func IsValidSecretKey(secretAccessKey string) bool {
+	if secretAccessKey == "" {
+		return true
+	}
+	regex := regexp.MustCompile("^.{40}$")
+	return regex.MatchString(secretAccessKey)
 }

-// IsValidAccessKey - validate access key for only alphanumeric characters
-func IsValidAccessKey(key []byte) bool {
-	for _, char := range key {
-		if isalnum(char) {
-			continue
-		}
-		switch char {
-		case '-':
-		case '.':
-		case '_':
-		case '~':
-			continue
-		default:
-			return false
-		}
+// IsValidAccessKey - validate access key
+func IsValidAccessKey(accessKeyID string) bool {
+	if accessKeyID == "" {
+		return true
 	}
-	return true
+	regex := regexp.MustCompile("^[A-Z0-9\\-\\.\\_\\~]{20}$")
+	return regex.MatchString(accessKeyID)
 }