Andreas Auernhammer
a6318dbdaf
fix timing oracle attack against signature V2/V4 verification ( #5335 )
...
This change replaces the non-constant time comparison of
request signatures with a constant time implementation. This
prevents a timing attack which can be used to learn a valid
signature for a request without knowing the secret key.
Fixes #5334
7 years ago
kannappanr
f460eceb6d
Check for value > 7 days in X-Amz-Expires header. ( #5163 )
...
Add a check to see if the X-Amz-Expires header in the presigned URL is less than 7 days.
Fixes #5162
7 years ago
Krishna Srinivas
5db1e9f3dd
signature: use region from Auth header if server's region not configured ( #4329 )
8 years ago
Bala FA
1c97dcb10a
Add UTCNow() function. ( #3931 )
...
This patch adds UTCNow() function which returns current UTC time.
This is equivalent of UTCNow() == time.Now().UTC()
8 years ago
Harshavardhana
47ac410ab0
Code cleanup - simplify server side code. ( #3870 )
...
Fix all the issues reported by `gosimple` tool.
8 years ago
Harshavardhana
62f8343879
Add constants for commonly used values. ( #3588 )
...
This is a consolidation effort, avoiding usage
of naked strings in codebase. Whenever possible
use constants which can be repurposed elsewhere.
This also fixes `goconst ./...` reported issues.
8 years ago
Harshavardhana
9161016962
tests: Improve coverage on signature v4 tests. ( #3188 )
...
Fixes #3065
8 years ago
Harshavardhana
d9674f7524
Improve coverage of web-handlers.go ( #3157 )
...
This patch additionally relaxes the requirement for
accesskeys to be in a regexy set of values.
Fixes #3063
8 years ago
Harshavardhana
113b93346b
lock: Make some cleanup and moving the code around. ( #2718 )
...
This patch just avoids lot of ifs and inverts some logic.
8 years ago
Harshavardhana
bccf549463
server: Move all the top level files into cmd folder. ( #2490 )
...
This change brings a change which was done for the 'mc'
package to allow for clean repo and have a cleaner
github drop in experience.
8 years ago
karthic rao
e0cf4ee9fc
presignV4: fix errors response and tests. ( #2375 )
...
- Fix error response when one of the query params in the presign URL is
missing.
- Exhasutive test coverage for presignv4.
8 years ago
karthic rao
d63ce9d60d
tests: tests for signature v4 parser ( #2362 )
9 years ago