From e11f9110b63ea8cb7142b23bfb83e54dac75e42b Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Thu, 21 May 2015 19:20:23 -0700
Subject: [PATCH] add missing validate access keys after being extracted from AuthHeader
---
 pkg/api/api_generic_handlers.go | 4 ++++
 pkg/utils/crypto/keys/common.go | 34 +++++++++++++++------------------
 2 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/pkg/api/api_generic_handlers.go b/pkg/api/api_generic_handlers.go
index 2da6ef53f..139a12cc3 100644
--- a/pkg/api/api_generic_handlers.go
+++ b/pkg/api/api_generic_handlers.go
@@ -23,6 +23,7 @@ import (
 "time"
 "github.com/minio/minio/pkg/api/config"
+ "github.com/minio/minio/pkg/utils/crypto/keys"
 )
 type contentTypeHandler struct {
@@ -78,6 +79,9 @@ func stripAuth(r *http.Request) (*auth, error) {
 a.signedheaders = strings.Split(signedheaders, "=")[1]
 a.signature = strings.Split(signature, "=")[1]
 a.accessKey = strings.Split(a.credential, "/")[0]
+ if !keys.IsValidAccessKey(a.accessKey) {
+ return nil, errors.New("Invalid access key")
+ }
 return a, nil
 }
diff --git a/pkg/utils/crypto/keys/common.go b/pkg/utils/crypto/keys/common.go
index 42410e004..9f94f08b7 100644
--- a/pkg/utils/crypto/keys/common.go
+++ b/pkg/utils/crypto/keys/common.go
@@ -16,6 +16,8 @@
 package keys
+import "regexp"
+
 // AccessID and SecretID length in bytes
 const (
 MinioAccessID = 20
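Review bot: The check added to stripAuth does not reject an empty access key, because the rewritten IsValidAccessKey in pkg/utils/crypto/keys/common.go (second hunk of that file in this patch) returns true for `""`; a credential with nothing before its first "/" therefore still comes back as a parsed `*auth` with an empty `accessKey`. Unless later code in the request path treats an empty key as unauthenticated, which is not visible here, this fails open; reject it at this point with `if a.accessKey == "" || !keys.IsValidAccessKey(a.accessKey) {`. The function body starts outside the hunk, so whether the `strings.Split(...)[1]` context lines are guarded against a header field without "=" cannot be confirmed from here and is worth checking while touching this code. Go convention would also make the error text lowercase, `errors.New("invalid access key")`.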
@@ -24,26 +26,20 @@ const (
 /// helpers
-// Is alphanumeric?
-func isalnum(c byte) bool {
- return '0' <= c && c <= '9' || 'A' <= c && c <= 'Z' || 'a' <= c && c <= 'z'
+// IsValidSecretKey - validate secret key
+func IsValidSecretKey(secretAccessKey string) bool {
+ if secretAccessKey == "" {
+ return true
+ }
+ regex := regexp.MustCompile("^.{40}$")
+ return regex.MatchString(secretAccessKey)
 }
-// IsValidAccessKey - validate access key for only alphanumeric characters
-func IsValidAccessKey(key []byte) bool {
- for _, char := range key {
- if isalnum(char) {
- continue
- }
- switch char {
- case '-':
- case '.':
- case '_':
- case '~':
- continue
- default:
- return false
- }
+// IsValidAccessKey - validate access key
+func IsValidAccessKey(accessKeyID string) bool {
+ if accessKeyID == "" {
+ return true
 }
- return true
+ regex := regexp.MustCompile("^[A-Z0-9\\-\\.\\_\\~]{20}$")
+ return regex.MatchString(accessKeyID)
 }
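Review bot: Both validators call `regexp.MustCompile` on every invocation, and IsValidAccessKey now runs on the request path through stripAuth, so the pattern is recompiled for each signed request; compile once at package scope, e.g. `var accessKeyRe = regexp.MustCompile("^[A-Z0-9\\-\\.\\_\\~]{20}$")`, and do the same for the secret-key pattern. The literals 20 and 40 duplicate the MinioAccessID constant declared in this file's const block (and presumably a matching secret-length constant not visible in the hunk), so the limits can drift apart. The new character class no longer accepts the lowercase letters that the removed byte-wise check allowed, and the parameter type changes from `[]byte` to `string`; neither is mentioned in the commit message, so confirm that existing keys and other callers are unaffected. The doc comments should also state that the empty string is reported as valid, since callers using these functions as an authentication gate need to handle that case themselves.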