mirror of
https://github.com/curl/curl.git
synced 2025-03-31 16:00:35 +08:00
lib: fix aws-sigv4 having date header twice in some cases
When the user was providing the header X-XXX-Date, the header was re-added during signature computation, and we had it twice in the request. Reported-by: apparentorder@users.noreply.github.com Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com> Fixes: https://github.com/curl/curl/issues/11738 Closes: https://github.com/curl/curl/pull/11754
This commit is contained in:
parent
7f597ca12c
commit
b137634ba3
@ -214,15 +214,11 @@ static CURLcode make_headers(struct Curl_easy *data,
|
||||
if(!tmp_head)
|
||||
goto fail;
|
||||
head = tmp_head;
|
||||
*date_header = curl_maprintf("%s: %s", date_hdr_key, timestamp);
|
||||
*date_header = curl_maprintf("%s: %s\r\n", date_hdr_key, timestamp);
|
||||
}
|
||||
else {
|
||||
char *value;
|
||||
|
||||
*date_header = strdup(*date_header);
|
||||
if(!*date_header)
|
||||
goto fail;
|
||||
|
||||
value = strchr(*date_header, ':');
|
||||
if(!value)
|
||||
goto fail;
|
||||
@ -231,6 +227,7 @@ static CURLcode make_headers(struct Curl_easy *data,
|
||||
++value;
|
||||
strncpy(timestamp, value, TIMESTAMP_SIZE - 1);
|
||||
timestamp[TIMESTAMP_SIZE - 1] = 0;
|
||||
*date_header = NULL;
|
||||
}
|
||||
|
||||
/* alpha-sort in a case sensitive manner */
|
||||
@ -612,14 +609,19 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
|
||||
"Credential=%s/%s, "
|
||||
"SignedHeaders=%s, "
|
||||
"Signature=%s\r\n"
|
||||
"%s\r\n"
|
||||
/*
|
||||
* date_header is added here, only if it wasn't
|
||||
* user-specified (using CURLOPT_HTTPHEADER).
|
||||
* date_header includes \r\n
|
||||
*/
|
||||
"%s"
|
||||
"%s", /* optional sha256 header includes \r\n */
|
||||
provider0,
|
||||
user,
|
||||
credential_scope,
|
||||
Curl_dyn_ptr(&signed_headers),
|
||||
sha_hex,
|
||||
date_header,
|
||||
date_header ? date_header : "",
|
||||
content_sha256_hdr);
|
||||
if(!auth_headers) {
|
||||
goto fail;
|
||||
|
@ -224,7 +224,7 @@ test1916 test1917 test1918 test1919 \
|
||||
\
|
||||
test1933 test1934 test1935 test1936 test1937 test1938 test1939 test1940 \
|
||||
test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \
|
||||
test1955 test1956 test1957 test1958 test1959 test1960 \
|
||||
test1955 test1956 test1957 test1958 test1959 test1960 test1964 \
|
||||
test1970 test1971 test1972 test1973 test1974 test1975 \
|
||||
\
|
||||
test2000 test2001 test2002 test2003 test2004 \
|
||||
|
68
tests/data/test1964
Normal file
68
tests/data/test1964
Normal file
@ -0,0 +1,68 @@
|
||||
<testcase>
|
||||
<info>
|
||||
<keywords>
|
||||
HTTP
|
||||
CURLOPT_AWS_SIGV4
|
||||
</keywords>
|
||||
</info>
|
||||
|
||||
# Server-side
|
||||
<reply>
|
||||
<data nocheck="yes">
|
||||
HTTP/1.1 302 OK
|
||||
Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||
Server: test-server/fake
|
||||
Content-Type: text/html
|
||||
Content-Length: 0
|
||||
Location: /%TESTNUMBER0002
|
||||
|
||||
</data>
|
||||
<data2>
|
||||
HTTP/1.1 200 OK
|
||||
Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||
Server: test-server/fake
|
||||
Content-Type: text/html
|
||||
Content-Length: 0
|
||||
|
||||
</data2>
|
||||
</reply>
|
||||
|
||||
# Client-side
|
||||
<client>
|
||||
<server>
|
||||
http
|
||||
</server>
|
||||
# this relies on the debug feature which allow to set the time
|
||||
<features>
|
||||
SSL
|
||||
crypto
|
||||
</features>
|
||||
|
||||
<name>
|
||||
HTTP AWS_SIGV4 with one provider and auth cred via URL, but X-Xxx-Date header set manually
|
||||
</name>
|
||||
<tool>
|
||||
lib%TESTNUMBER
|
||||
</tool>
|
||||
|
||||
<command>
|
||||
http://xxx:yyy@127.0.0.1:9000/%TESTNUMBER/testapi/test 127.0.0.1:9000:%HOSTIP:%HTTPPORT
|
||||
</command>
|
||||
</client>
|
||||
|
||||
# Verify data after the test has been "shot"
|
||||
<verify>
|
||||
<strip>
|
||||
^User-Agent:.*
|
||||
^Content-Type:.*
|
||||
^Accept:.*
|
||||
</strip>
|
||||
<protocol>
|
||||
GET /%TESTNUMBER/testapi/test HTTP/1.1
|
||||
Host: 127.0.0.1:9000
|
||||
Authorization: XXX4-HMAC-SHA256 Credential=xxx/19700101/0/127/xxx4_request, SignedHeaders=content-type;host;x-xxx-date, Signature=35da102c1df68f2ef85ade08ecc212fa663a66e3a973146f6578a5c5426e9669
|
||||
X-Xxx-Date: 19700101T000000Z
|
||||
|
||||
</protocol>
|
||||
</verify>
|
||||
</testcase>
|
@ -69,7 +69,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect libprereq \
|
||||
lib1915 lib1916 lib1917 lib1918 lib1919 \
|
||||
lib1933 lib1934 lib1935 lib1936 lib1937 lib1938 lib1939 lib1940 \
|
||||
lib1945 lib1946 lib1947 lib1948 lib1955 lib1956 lib1957 lib1958 lib1959 \
|
||||
lib1960 \
|
||||
lib1960 lib1964 \
|
||||
lib1970 lib1971 lib1972 lib1973 lib1974 lib1975 \
|
||||
lib2301 lib2302 lib2304 lib2305 lib2306 \
|
||||
lib2402 lib2404 \
|
||||
@ -624,6 +624,9 @@ lib1959_LDADD = $(TESTUTIL_LIBS)
|
||||
lib1960_SOURCES = lib1960.c $(SUPPORTFILES)
|
||||
lib1960_LDADD = $(TESTUTIL_LIBS)
|
||||
|
||||
lib1964_SOURCES = lib1964.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||
lib1964_LDADD = $(TESTUTIL_LIBS)
|
||||
|
||||
lib1970_SOURCES = lib1970.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||
lib1970_LDADD = $(TESTUTIL_LIBS)
|
||||
|
||||
|
68
tests/libtest/lib1964.c
Normal file
68
tests/libtest/lib1964.c
Normal file
@ -0,0 +1,68 @@
|
||||
/***************************************************************************
|
||||
* _ _ ____ _
|
||||
* Project ___| | | | _ \| |
|
||||
* / __| | | | |_) | |
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
* are also available at https://curl.haxx.se/docs/copyright.html.
|
||||
*
|
||||
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
||||
* copies of the Software, and permit persons to whom the Software is
|
||||
* furnished to do so, under the terms of the COPYING file.
|
||||
*
|
||||
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||
* KIND, either express or implied.
|
||||
*
|
||||
* SPDX-License-Identifier: curl
|
||||
*
|
||||
***************************************************************************/
|
||||
#include "test.h"
|
||||
|
||||
#include "memdebug.h"
|
||||
|
||||
int test(char *URL)
|
||||
{
|
||||
CURL *curl;
|
||||
CURLcode res = CURLE_OK;
|
||||
struct curl_slist *connect_to = NULL;
|
||||
struct curl_slist *list = NULL, *tmp;
|
||||
|
||||
global_init(CURL_GLOBAL_ALL);
|
||||
easy_init(curl);
|
||||
|
||||
easy_setopt(curl, CURLOPT_VERBOSE, 1L);
|
||||
easy_setopt(curl, CURLOPT_AWS_SIGV4, "xxx");
|
||||
easy_setopt(curl, CURLOPT_URL, URL);
|
||||
if(libtest_arg2) {
|
||||
connect_to = curl_slist_append(connect_to, libtest_arg2);
|
||||
if(!connect_to) {
|
||||
res = CURLE_FAILED_INIT;
|
||||
goto test_cleanup;
|
||||
}
|
||||
}
|
||||
easy_setopt(curl, CURLOPT_CONNECT_TO, connect_to);
|
||||
list = curl_slist_append(list, "Content-Type: application/json");
|
||||
tmp = curl_slist_append(list, "X-Xxx-Date: 19700101T000000Z");
|
||||
if(!list || !tmp) {
|
||||
res = CURLE_FAILED_INIT;
|
||||
goto test_cleanup;
|
||||
}
|
||||
list = tmp;
|
||||
easy_setopt(curl, CURLOPT_HTTPHEADER, list);
|
||||
|
||||
res = curl_easy_perform(curl);
|
||||
|
||||
test_cleanup:
|
||||
|
||||
curl_slist_free_all(connect_to);
|
||||
curl_slist_free_all(list);
|
||||
curl_easy_cleanup(curl);
|
||||
curl_global_cleanup();
|
||||
|
||||
return res;
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user