File _service:tar_scm_kernel_repo:CVE-2023-33933.patch of Package trafficserver
From 726a79cb2f70fcbe0e2139aab3fe56930d3d8c27 Mon Sep 17 00:00:00 2001
From: Masakazu Kitajo <maskit@apache.org>
Date: Thu, 8 Jun 2023 02:27:52 +0900
Subject: [PATCH] s3_auth: Fix hash calculation (#9779)
(cherry picked from commit 867c48c1adf9e795c8d85c48d2d0f07f08aa87ec)
---
 plugins/s3_auth/aws_auth_v4.cc | 5 +++++
 plugins/s3_auth/aws_auth_v4.h | 1 +
 plugins/s3_auth/aws_auth_v4_wrap.h | 5 +++++
 plugins/s3_auth/unit_tests/test_aws_auth_v4.cc | 14 ++++++++++++++
 plugins/s3_auth/unit_tests/test_aws_auth_v4.h | 7 +++++++
 5 files changed, 32 insertions(+)
diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc
index 3f9aea0..6ba76d8 100644
--- a/plugins/s3_auth/aws_auth_v4.cc
+++ b/plugins/s3_auth/aws_auth_v4.cc
@@ -303,6 +303,11 @@ getCanonicalRequestSha256Hash(TsInterface &api, bool signPayload, const StringSe
 str = api.getPath(&length);
 String path("/");
 path.append(str, length);
+ str = api.getParams(&length);
+ if (length > 0) {
+ path.append(";", 1);
+ path.append(str, length);
+ }
 String canonicalUri = canonicalEncode(path, /* isObjectName */ true);
 sha256Update(&canonicalRequestSha256Ctx, canonicalUri);
 sha256Update(&canonicalRequestSha256Ctx, "\n");
diff --git a/plugins/s3_auth/aws_auth_v4.h b/plugins/s3_auth/aws_auth_v4.h
index 865a199..984bc62 100644
--- a/plugins/s3_auth/aws_auth_v4.h
+++ b/plugins/s3_auth/aws_auth_v4.h
@@ -47,6 +47,7 @@ public:
 virtual const char *getMethod(int *length) = 0;
 virtual const char *getHost(int *length) = 0;
 virtual const char *getPath(int *length) = 0;
+ virtual const char *getParams(int *length) = 0;
 virtual const char *getQuery(int *length) = 0;
 virtual HeaderIterator headerBegin() = 0;
 virtual HeaderIterator headerEnd() = 0;
diff --git a/plugins/s3_auth/aws_auth_v4_wrap.h b/plugins/s3_auth/aws_auth_v4_wrap.h
index 72221c3..3ed858a 100644
--- a/plugins/s3_auth/aws_auth_v4_wrap.h
+++ b/plugins/s3_auth/aws_auth_v4_wrap.h
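Review bot: The block added to getCanonicalRequestSha256Hash in plugins/s3_auth/aws_auth_v4.cc (`@@ -303`) carries no comment saying why the `;params` part is put back onto the path, and that reason is the whole fix: the signed canonical URI has to cover the same path that is forwarded to the origin. Above `str = api.getParams(&length);` I would add something like `/* getPath() apparently omits the ";params" part of the URL; re-attach it so the signature covers the full path. */`. The `length > 0` guard also means a URL ending in a bare `;` is signed without it; whether the forwarded request keeps that `;` is not visible here and is worth confirming. The function body starts and ends outside the hunk.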
@@ -108,6 +108,11 @@ public:
 return TSUrlPathGet(_bufp, _url, len);
 }
 const char *
+ getParams(int *len) override
+ {
+ return TSUrlHttpParamsGet(_bufp, _url, len);
+ }
+ const char *
 getQuery(int *len) override
 {
 return TSUrlHttpQueryGet(_bufp, _url, len);
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
index 595fe00..a11213c 100644
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
@@ -404,6 +404,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Object", "[AWS][auth][SpecByExample]")
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("test.txt");
+ api._params.assign("");
 api._query.assign("");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Range", "bytes=0-9"));
@@ -449,6 +450,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket Lifecycle", "[AWS][auth][SpecByExamp
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("lifecycle");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
@@ -493,6 +495,7 @@ TEST_CASE("AWSAuthSpecByExample: Get Bucket List Objects", "[AWS][auth][SpecByEx
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
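Review bot: None of the touched test cases in plugins/s3_auth/unit_tests/test_aws_auth_v4.cc sets a non-empty `_params`; the only line added in each of the fourteen hunks (`@@ -404` through `@@ -1022`) is `api._params.assign("");`, so the `length > 0` branch added to getCanonicalRequestSha256Hash is never exercised. A new TEST_CASE that sets, for example, `api._path.assign("test.txt"); api._params.assign("p=1");` (values constructed for illustration) would pin the fix. It should assert that the resulting signature differs from the empty-params case, or matches an independently computed reference. Without such a case, a later refactor could drop the params from the canonical URI again and the suite would still pass.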
@@ -584,6 +587,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, unsigned pay-load, exc
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
@@ -633,6 +637,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, query param value alre
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("PATH==");
+ api._params.assign("");
 api._query.assign("key=TEST==");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
@@ -679,6 +684,7 @@ TEST_CASE("S3AuthV4UtilParams: signing multiple same name fields", "[AWS][auth][
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -777,6 +783,7 @@ TEST_CASE("S3AuthV4UtilParams: include all headers explicit", "[AWS][auth][SpecB
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -812,6 +819,7 @@ TEST_CASE("S3AuthV4UtilParams: exclude all headers explicit", "[AWS][auth][utili
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -847,6 +855,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude non overlapping headers", "[AWS][
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -881,6 +890,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers", "[AWS][auth
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -916,6 +926,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers missing inclu
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -951,6 +962,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers missing exclu
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -989,6 +1001,7 @@ TEST_CASE("S3AuthV4UtilParams: include content type", "[AWS][auth][utility]")
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -1022,6 +1035,7 @@ TEST_CASE("S3AuthV4UtilParams: include missing content type", "[AWS][auth][utili
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
index e295d75..e4eb454 100644
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
@@ -95,6 +95,12 @@ public:
 return _path.c_str();
 }
 const char *
+ getParams(int *length)
+ {
+ *length = _params.length();
+ return _params.c_str();
+ }
+ const char *
 getQuery(int *length)
 {
 *length = _query.length();
@@ -114,6 +120,7 @@ public:
 String _method;
 String _host;
 String _path;
+ String _params;
 String _query;
 HeaderMultiMap _headers;
 };
-- 
2.30.0