From ce2d185211c1cd145901718b92cc27cc9a630d95 Mon Sep 17 00:00:00 2001
From: poornas <poornas@users.noreply.github.com>
Date: Fri, 29 Sep 2017 12:07:44 -0700
Subject: [PATCH] Add maxKeys validation for azure and gcs gateway (#4999)

Gateway implementation of ListObjectsV1 does not validate maxKeys range.
Raise an InvalidArgument when maxKeys is negative so that ListObjects
call is compatible with S3 on all gateways.
---
 cmd/gateway-handlers.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/cmd/gateway-handlers.go b/cmd/gateway-handlers.go
index c995b0506..2496079ac 100644
--- a/cmd/gateway-handlers.go
+++ b/cmd/gateway-handlers.go
@@ -716,6 +716,13 @@ func (api gatewayAPIHandlers) ListObjectsV1Handler(w http.ResponseWriter, r *htt
 	// gateway backends.
 	prefix, marker, delimiter, maxKeys, _ := getListObjectsV1Args(r.URL.Query())
 
+	// Validate the maxKeys lowerbound. When maxKeys > 1000, S3 returns 1000 but
+	// does not throw an error.
+	if maxKeys < 0 {
+		writeErrorResponse(w, ErrInvalidMaxKeys, r.URL)
+		return
+	}
+
 	listObjects := objectAPI.ListObjects
 	if reqAuthType == authTypeAnonymous {
 		listObjects = objectAPI.AnonListObjects