Bug #63926
open+ in object key leads to SignatureDoesNotMatch - uri encoding issue
0%
Description
There is a issue with + in object key name which leads to SignatureDoesNotMatch.
Based on my debug I think that the issue comes from the fact that function aws4_uri_recode is run before the + for %20 replacement as you can see here.
https://github.com/ceph/ceph/blob/main/src/rgw/rgw_auth_s3.h#L521
This means that the + will be recoded to %2b so the replace afterwards will not be applied -> SignatureDoesNotMatch
Because of this there is a AWS s3 and Ceph difference because on s3 the + will be recoded as %20
Updated by Casey Bodley 4 months ago
which client are you using to send these requests?
Updated by Ondrej Kukla 4 months ago
I'm usually using Postman for testing, but we've found the issue while using our AWS sigv4 Lua implementation in Nginx that we use against s3 storages for some time.
I also have a screenshot of a debug rgw log to prove my issue. You can see it here - https://ibb.co/y8gw0HN and
https://ibb.co/prm6mMn
Let me know if you need more information.