From: Jeff Garzik <jeff@garzik.org>
To: hail-devel@vger.kernel.org
Subject: [PATCH] tabled/libhttpstor: fix HTTP header signing bug
Date: Sun, 7 Mar 2010 12:35:17 -0500 [thread overview]
Message-ID: <20100307173517.GA28140@havoc.gtf.org> (raw)
commit 223c5f7ceab19bd0630943e77de15372a865a7ea
Author: Jeff Garzik <jeff@garzik.org>
Date: Sun Mar 7 07:57:24 2010 -0500
libhttpstor: sign user-provided headers
We forgot to sign user-provided headers for AWS authentication.
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
diff --git a/lib/httpstor.c b/lib/httpstor.c
index 189aab5..b024cad 100644
--- a/lib/httpstor.c
+++ b/lib/httpstor.c
@@ -22,6 +22,7 @@
#include <stdlib.h>
#include <string.h>
+#include <ctype.h>
#include <curl/curl.h>
#include <openssl/hmac.h>
#include <libxml/tree.h>
@@ -443,9 +444,9 @@ bool httpstor_put(struct httpstor_client *httpstor, const char *bucket, const ch
{
struct http_req req;
char datestr[80], timestr[64], hmac[64], auth[128], host[80],
- url[80], *orig_path, *stmp;
+ url[80], *orig_path, *stmp, *uhdr_buf = NULL;
struct curl_slist *headers = NULL;
- int rc;
+ int rc = -1;
if (asprintf(&stmp, "/%s/%s", bucket, key) < 0)
return false;
@@ -461,6 +462,51 @@ bool httpstor_put(struct httpstor_client *httpstor, const char *bucket, const ch
req_hdr_push(&req, "Date", timestr);
+ if (user_hdrs) {
+ int idx = 0;
+ size_t uhdr_len = 0, ukey_len;
+ void *p;
+ char *colon, *ukey, *uval;
+
+ /* 1. add to curl hdr list. 2. count hdr byte size */
+ while (user_hdrs[idx]) {
+ headers = curl_slist_append(headers, user_hdrs[idx]);
+ uhdr_len += strlen(user_hdrs[idx]) + 2;
+ idx++;
+ }
+
+ /* alloc buf to hold all hdr strings */
+ uhdr_buf = calloc(1, uhdr_len);
+ if (!uhdr_buf)
+ goto out;
+
+ /* copy and nul-terminate hdr keys and values for signing */
+ idx = 0;
+ p = uhdr_buf;
+ while (user_hdrs[idx]) {
+ ukey = p;
+ colon = strchr(user_hdrs[idx], ':');
+ if (colon) {
+ ukey_len = colon - user_hdrs[idx];
+ memcpy(ukey, user_hdrs[idx], ukey_len);
+ ukey[ukey_len] = 0;
+
+ p += ukey_len + 1;
+
+ colon++;
+ while (*colon && isspace(*colon))
+ colon++;
+
+ uval = p;
+ strcpy(uval, colon);
+ p += strlen(uval) + 1;
+
+ req_hdr_push(&req, ukey, uval);
+ }
+ idx++;
+ }
+ }
+
req_sign(&req, NULL, httpstor->key, hmac);
sprintf(auth, "Authorization: AWS %s:%s", httpstor->user, hmac);
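Review bot: The `goto out` taken when calloc fails skips `curl_slist_free_all(headers)` and `free(orig_path)`, because the `out:` label added in the last hunk sits after both, so the slist built in the first loop leaks (and orig_path too, if it is already allocated at this point, which the hunk does not show). Moving the label above `curl_slist_free_all(headers);` fixes this, provided orig_path is initialised before the jump. A non-NULL but empty user_hdrs leaves uhdr_len at 0, and `calloc(1, 0)` may legitimately return NULL, turning a valid call into a failure; `uhdr_buf = calloc(1, uhdr_len + 1);` avoids that. `isspace(*colon)` should be `isspace((unsigned char)*colon)` to stay defined for bytes above 0x7f. Entries without a colon are still appended to the curl list but never reach req_hdr_push, so they are sent unsigned; rejecting them or documenting that with a comment would make the signing coverage explicit.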
@@ -471,15 +517,6 @@ bool httpstor_put(struct httpstor_client *httpstor, const char *bucket, const ch
headers = curl_slist_append(headers, datestr);
headers = curl_slist_append(headers, auth);
- if (user_hdrs) {
- int idx = 0;
-
- while (user_hdrs[idx]) {
- headers = curl_slist_append(headers, user_hdrs[idx]);
- idx++;
- }
- }
-
curl_easy_reset(httpstor->curl);
if (httpstor->verbose)
curl_easy_setopt(httpstor->curl, CURLOPT_VERBOSE, 1);
@@ -499,6 +536,8 @@ bool httpstor_put(struct httpstor_client *httpstor, const char *bucket, const ch
curl_slist_free_all(headers);
free(orig_path);
+out:
+ free(uhdr_buf);
return (rc == 0);
}