Bug #45790
openrgw/s3 awsv4 streaming signatures - more robust/future proofing?
0%
Description
awsv4 streaming signatures use a variation of rfc 2616 chunked encoding, which includes provisoins for multiple keyword/value pairs. Only one is presently defined for awsv4, "chunk-signature". The current code in rgw to decode this header just assumes there is one keyword/value pair and does very limited checking even on that. To be more "future-proof", this code ought to have more robust parsing logic, and ought to be able to tolerate the addition of other unspecified fields without breaking.
As a minor technical note: note that this is not the same as transfer-encoding: chunked. It is possible to employ both transfer-encoding: chunked and awsv4 streaming signatures ("double chunking"). When this combination is fed through haproxy, the chunked transfer encoding is redone, but the unencoded data stream including awsv4 streaming signatures chunks must remain intact.
Updated by Marcus Watts almost 4 years ago
I have a possible fix for this coded up which I plan to post shortly.
Updated by Marcus Watts almost 4 years ago
I have a fix for this that's contained in this PR:
https://github.com/ceph/ceph/pull/35350
The fix for this is independent of beast/civetweb, but other commits in the PR need parallel changes in civetweb.
Updated by Casey Bodley almost 4 years ago
- Status changed from New to In Progress
- Assignee set to Marcus Watts