oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Avoid DDOS in PutObject() when objectName is '/' and size '0' (#4962)

Browse Source 
It can happen that an incoming PutObject() request might
have inputs of following form eg:-

 - bucketName is 'testbucket'
 - objectName is '/'

bucketName exists and was previously created but there
are no other objects in this bucket. In a situation like
this parentDirIsObject() goes into an infinite loop.

Verifying that if '/' is an object fails on both backends
but the resulting `path.Dir('/')` returns `'/'` this causes
the closure to loop onto itself.

Fixes #4940
master
Harshavardhana 7 years ago committed by Dee Koder
parent 7e6b5bdbb7
commit d3eb5815d9
4 changed files with 178 additions and 5 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      cmd/fs-v1.go
  2. 71
      cmd/fs-v1_test.go
  3. 8
      cmd/xl-v1-common.go
  4. 99
      cmd/xl-v1-common_test.go

5
cmd/fs-v1.go
Unescape View File

@ -491,13 +491,14 @@ func (fs fsObjects) GetObjectInfo(bucket, object string) (oi ObjectInfo, e error
func (fs fsObjects) parentDirIsObject(bucket, parent string) bool { func (fs fsObjects) parentDirIsObject(bucket, parent string) bool {
var isParentDirObject func(string) bool var isParentDirObject func(string) bool
isParentDirObject = func(p string) bool { isParentDirObject = func(p string) bool {
if p == "." { if p == "." || p == "/" {
return false return false
} }
if _, err := fsStatFile(pathJoin(fs.fsPath, bucket, p)); err == nil { if _, err := fsStatFile(pathJoin(fs.fsPath, bucket, p)); err == nil {
// If there is already a file at prefix "p" return error. // If there is already a file at prefix "p", return true.
return true return true
} }
// Check if there is a file as one of the parent paths. // Check if there is a file as one of the parent paths.
return isParentDirObject(path.Dir(p)) return isParentDirObject(path.Dir(p))
} }

71
cmd/fs-v1_test.go
Unescape View File

@ -24,6 +24,77 @@ import (
"testing" "testing"
) )
// Tests for if parent directory is object
func TestFSParentDirIsObject(t *testing.T) {
rootPath, err := newTestConfig(globalMinioDefaultRegion)
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(rootPath)
obj, disk, err := prepareFS()
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(disk)
bucketName := "testbucket"
objectName := "object"
if err = obj.MakeBucketWithLocation(bucketName, ""); err != nil {
t.Fatal(err)
}
objectContent := "12345"
objInfo, err := obj.PutObject(bucketName, objectName,
NewHashReader(bytes.NewReader([]byte(objectContent)), int64(len(objectContent)), "", ""), nil)
if err != nil {
t.Fatal(err)
}
if objInfo.Name != objectName {
t.Fatalf("Unexpected object name returned got %s, expected %s", objInfo.Name, objectName)
}
fs := obj.(*fsObjects)
testCases := []struct {
parentIsObject bool
objectName string
}{
// parentIsObject is true if object is available.
{
parentIsObject: true,
objectName: objectName,
},
{
parentIsObject: false,
objectName: "",
},
{
parentIsObject: false,
objectName: ".",
},
// Should not cause infinite loop.
{
parentIsObject: false,
objectName: "/",
},
{
parentIsObject: false,
objectName: "\\",
},
// Should not cause infinite loop with double forward slash.
{
parentIsObject: false,
objectName: "//",
},
}
for i, testCase := range testCases {
gotValue := fs.parentDirIsObject(bucketName, testCase.objectName)
if testCase.parentIsObject != gotValue {
t.Errorf("Test %d: Unexpected value returned got %t, expected %t", i+1, gotValue, testCase.parentIsObject)
}
}
}
// TestNewFS - tests initialization of all input disks // TestNewFS - tests initialization of all input disks
// and constructs a valid `FS` object layer. // and constructs a valid `FS` object layer.
func TestNewFS(t *testing.T) { func TestNewFS(t *testing.T) {

8
cmd/xl-v1-common.go
Unescape View File

@ -16,7 +16,9 @@
package cmd package cmd
import "path" import (
"path"
)
// getLoadBalancedDisks - fetches load balanced (sufficiently randomized) disk slice. // getLoadBalancedDisks - fetches load balanced (sufficiently randomized) disk slice.
func (xl xlObjects) getLoadBalancedDisks() (disks []StorageAPI) { func (xl xlObjects) getLoadBalancedDisks() (disks []StorageAPI) {
@ -33,11 +35,11 @@ func (xl xlObjects) getLoadBalancedDisks() (disks []StorageAPI) {
func (xl xlObjects) parentDirIsObject(bucket, parent string) bool { func (xl xlObjects) parentDirIsObject(bucket, parent string) bool {
var isParentDirObject func(string) bool var isParentDirObject func(string) bool
isParentDirObject = func(p string) bool { isParentDirObject = func(p string) bool {
if p == "." { if p == "." || p == "/" {
return false return false
} }
if xl.isObject(bucket, p) { if xl.isObject(bucket, p) {
// If there is already a file at prefix "p" return error. // If there is already a file at prefix "p", return true.
return true return true
} }
// Check if there is a file as one of the parent paths. // Check if there is a file as one of the parent paths.

99
cmd/xl-v1-common_test.go
Unescape View File

@ -0,0 +1,99 @@
/*
* Minio Cloud Storage, (C) 2017 Minio, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package cmd
import (
"bytes"
"os"
"testing"
)
// Tests for if parent directory is object
func TestXLParentDirIsObject(t *testing.T) {
rootPath, err := newTestConfig(globalMinioDefaultRegion)
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(rootPath)
obj, fsDisks, err := prepareXL()
if err != nil {
t.Fatalf("Unable to initialize 'XL' object layer.")
}
// Remove all disks.
for _, disk := range fsDisks {
defer os.RemoveAll(disk)
}
bucketName := "testbucket"
objectName := "object"
if err = obj.MakeBucketWithLocation(bucketName, ""); err != nil {
t.Fatal(err)
}
objectContent := "12345"
objInfo, err := obj.PutObject(bucketName, objectName,
NewHashReader(bytes.NewReader([]byte(objectContent)), int64(len(objectContent)), "", ""), nil)
if err != nil {
t.Fatal(err)
}
if objInfo.Name != objectName {
t.Fatalf("Unexpected object name returned got %s, expected %s", objInfo.Name, objectName)
}
fs := obj.(*xlObjects)
testCases := []struct {
parentIsObject bool
objectName string
}{
// parentIsObject is true if object is available.
{
parentIsObject: true,
objectName: objectName,
},
{
parentIsObject: false,
objectName: "",
},
{
parentIsObject: false,
objectName: ".",
},
// Should not cause infinite loop.
{
parentIsObject: false,
objectName: "/",
},
{
parentIsObject: false,
objectName: "\\",
},
// Should not cause infinite loop with double forward slash.
{
parentIsObject: false,
objectName: "//",
},
}
for i, testCase := range testCases {
gotValue := fs.parentDirIsObject(bucketName, testCase.objectName)
if testCase.parentIsObject != gotValue {
t.Errorf("Test %d: Unexpected value returned got %t, expected %t", i+1, gotValue, testCase.parentIsObject)
}
}
}
Write Preview
Loading…
Cancel
Save