fix: Checks that x-amz-decoded-content-length matches the actual payload in unsigned streaming upload

Fixes #1676 `x-amz-decoded-content-length` in streaming uploads specifies the number of actual data-payload bytes, with encoding characters removed. If the value does not match the actual payload after decoding, now an `IncompleteBody` error is returned.
2026-01-05 11:24:52 +00:00 · 2025-12-05 22:56:37 +04:00
parent 0afe6eb204
commit 0a2a23d943
6 changed files with 77 additions and 8 deletions
--- a/s3err/s3err.go
+++ b/s3err/s3err.go
@@ -121,6 +121,7 @@ const (
 	ErrInvalidSHA256Paylod
 	ErrUnsupportedAnonymousSignedStreaming
 	ErrMissingContentLength
+	ErrContentLengthMismatch
 	ErrInvalidAccessKeyID
 	ErrRequestNotReadyYet
 	ErrMissingDateHeader
@@ -520,6 +521,11 @@ var errorCodeResponse = map[ErrorCode]APIError{
 		Description:    "You must provide the Content-Length HTTP header.",
 		HTTPStatusCode: http.StatusLengthRequired,
 	},
+	ErrContentLengthMismatch: {
+		Code:           "IncompleteBody",
+		Description:    "You did not provide the number of bytes specified by the Content-Length HTTP header",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
 	ErrMissingDateHeader: {
 		Code:           "AccessDenied",
 		Description:    "AWS authentication requires a valid Date or x-amz-date header.",