versitygw

mirror of https://github.com/versity/versitygw.git synced 2026-01-07 04:06:23 +00:00

Files

Ben McClelland 748912fb3d fix: prevent panic with malformed chunk encoding

An invalid chunk encoding, or parse errors leading to parsing
invalid data can lead to a server panic if the chunk header
remaining is determined to be larger than the max buffer size.

This was previously seen when the chunk trailer checksums were
used by the client without the support from the server side
for this encoding.  Example panic:

 panic: runtime error: slice bounds out of range [4088:1024]

 goroutine 5 [running]:
 github.com/versity/versitygw/s3api/utils.(*ChunkReader).parseChunkHeaderBytes(0xc0003c4280, {0xc0000e6000?, 0x3000?, 0x423525?})
 	/home/tester/s3api/utils/chunk-reader.go:242 +0x492
 github.com/versity/versitygw/s3api/utils.(*ChunkReader).parseAndRemoveChunkInfo(0xc0003c4280, {0xc0000e6000, 0x3000, 0x8000})
 	/home/tester/s3api/utils/chunk-reader.go:170 +0x20b
 github.com/versity/versitygw/s3api/utils.(*ChunkReader).Read(0xc0003c4280, {0xc0000e6000, 0xc0000b41e0?, 0x8000})
 	/home/tester/s3api/utils/chunk-reader.go:91 +0x11e

This fix will validate the data length before copying into the
temporary buffer to prevent a panic and instead just return
an error.

2025-01-31 16:22:25 -08:00

controllers

fix: Fixes the response body streaming for GetObject, implementing a chunk streamer

2025-01-15 23:11:04 +04:00

middlewares

feat: Implements streaming unsigned payload reader with trailers

2025-01-31 13:29:34 -08:00

utils

fix: prevent panic with malformed chunk encoding

2025-01-31 16:22:25 -08:00

admin-router.go

feat: Implemented server access logs with file for Admin APIs