lib: fix aws-sigv4 having date header twice in some cases

When the user supplied the X-XXX-Date header themselves, the header was
re-added during signature computation, so the request carried it twice.

Reported-by: apparentorder@users.noreply.github.com

Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>

Fixes: https://github.com/curl/curl/issues/11738
Closes: https://github.com/curl/curl/pull/11754
Matthias Gatto 2023-08-28 13:38:20 +02:00 committed by Jay Satiro
parent 7f597ca12c
commit b137634ba3
5 changed files with 150 additions and 9 deletions


@ -214,15 +214,11 @@ static CURLcode make_headers(struct Curl_easy *data,
if(!tmp_head)
goto fail;
head = tmp_head;
*date_header = curl_maprintf("%s: %s", date_hdr_key, timestamp);
*date_header = curl_maprintf("%s: %s\r\n", date_hdr_key, timestamp);
}
else {
char *value;
*date_header = strdup(*date_header);
if(!*date_header)
goto fail;
value = strchr(*date_header, ':');
if(!value)
goto fail;
@ -231,6 +227,7 @@ static CURLcode make_headers(struct Curl_easy *data,
++value;
strncpy(timestamp, value, TIMESTAMP_SIZE - 1);
timestamp[TIMESTAMP_SIZE - 1] = 0;
*date_header = NULL;
}
/* alpha-sort in a case sensitive manner */
@ -612,14 +609,19 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
"Credential=%s/%s, "
"SignedHeaders=%s, "
"Signature=%s\r\n"
"%s\r\n"
/*
* date_header is added here, only if it wasn't
* user-specified (using CURLOPT_HTTPHEADER).
* date_header includes \r\n
*/
"%s"
"%s", /* optional sha256 header includes \r\n */
provider0,
user,
credential_scope,
Curl_dyn_ptr(&signed_headers),
sha_hex,
date_header,
date_header ? date_header : "",
content_sha256_hdr);
if(!auth_headers) {
goto fail;
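Review bot: In the else branch of make_headers (first hunk, around `if(!value) goto fail;`), `*date_header` now aliases the string from the user's CURLOPT_HTTPHEADER list instead of a strdup'd copy, yet it is only reset to NULL on the success path after the strncpy; if the `fail:` label or the caller's cleanup frees `*date_header` (both sit outside the hunk, so I cannot confirm), a user header with no colon would free memory curl does not own. That no-colon case looks reachable if the header lookup also accepts curl's `Name;` form for sending an empty header. Clearing the pointer before bailing closes it: `if(!value) { *date_header = NULL; goto fail; }`. Separately, the strncpy into timestamp accepts any length, so a user value longer than TIMESTAMP_SIZE-1 bytes is silently truncated in the canonical request while the full header is presumably what goes on the wire, which guarantees a signature mismatch; rejecting a value whose length is not exactly TIMESTAMP_SIZE-1 would make that an explicit error instead. make_headers starts before the first hunk and Curl_output_aws_sigv4 continues past the last one.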


@ -224,7 +224,7 @@ test1916 test1917 test1918 test1919 \
\
test1933 test1934 test1935 test1936 test1937 test1938 test1939 test1940 \
test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \
test1955 test1956 test1957 test1958 test1959 test1960 \
test1955 test1956 test1957 test1958 test1959 test1960 test1964 \
test1970 test1971 test1972 test1973 test1974 test1975 \
\
test2000 test2001 test2002 test2003 test2004 \

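--- /dev/null
+++ b/tests/data/test1964
@@ -0,0 +1,68 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+CURLOPT_AWS_SIGV4
+</keywords>
+</info>
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 302 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+Location: /%TESTNUMBER0002
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+</data2>
+</reply>
+# Client-side
+<client>
+<server>
+http
+</server>
+# this relies on the debug feature which allow to set the time
+<features>
+SSL
+crypto
+</features>
+<name>
+HTTP AWS_SIGV4 with one provider and auth cred via URL, but X-Xxx-Date header set manually
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+<command>
+http://xxx:yyy@127.0.0.1:9000/%TESTNUMBER/testapi/test 127.0.0.1:9000:%HOSTIP:%HTTPPORT
+</command>
+</client>
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+^Content-Type:.*
+^Accept:.*
+</strip>
+<protocol>
+GET /%TESTNUMBER/testapi/test HTTP/1.1
+Host: 127.0.0.1:9000
+Authorization: XXX4-HMAC-SHA256 Credential=xxx/19700101/0/127/xxx4_request, SignedHeaders=content-type;host;x-xxx-date, Signature=35da102c1df68f2ef85ade08ecc212fa663a66e3a973146f6578a5c5426e9669
+X-Xxx-Date: 19700101T000000Z
+</protocol>
+</verify>
+</testcase>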
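Review bot: The comment `# this relies on the debug feature which allow to set the time` above `<features>` does not match the test: the features listed are SSL and crypto only, and the signed timestamp 19700101T000000Z comes from the X-Xxx-Date header the client supplies, not from a debug-controlled clock. It reads like a carry-over from a sibling sigv4 test and will mislead whoever next edits the feature list. Either drop it or replace it with `# the timestamp is fixed by the user-supplied X-Xxx-Date header, so no debug clock is needed`.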


@ -69,7 +69,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect libprereq \
lib1915 lib1916 lib1917 lib1918 lib1919 \
lib1933 lib1934 lib1935 lib1936 lib1937 lib1938 lib1939 lib1940 \
lib1945 lib1946 lib1947 lib1948 lib1955 lib1956 lib1957 lib1958 lib1959 \
lib1960 \
lib1960 lib1964 \
lib1970 lib1971 lib1972 lib1973 lib1974 lib1975 \
lib2301 lib2302 lib2304 lib2305 lib2306 \
lib2402 lib2404 \
@ -624,6 +624,9 @@ lib1959_LDADD = $(TESTUTIL_LIBS)
lib1960_SOURCES = lib1960.c $(SUPPORTFILES)
lib1960_LDADD = $(TESTUTIL_LIBS)
lib1964_SOURCES = lib1964.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
lib1964_LDADD = $(TESTUTIL_LIBS)
lib1970_SOURCES = lib1970.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
lib1970_LDADD = $(TESTUTIL_LIBS)

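--- /dev/null
+++ b/tests/libtest/lib1964.c
@@ -0,0 +1,68 @@
+/***************************************************************************
+* _ _ ____ _
+* Project ___| | | | _ \| |
+* / __| | | | |_) | |
+* | (__| |_| | _ <| |___
+* \___|\___/|_| \_\_____|
+*
+* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+*
+* This software is licensed as described in the file COPYING, which
+* you should have received as part of this distribution. The terms
+* are also available at https://curl.haxx.se/docs/copyright.html.
+*
+* You may opt to use, copy, modify, merge, publish, distribute and/or sell
+* copies of the Software, and permit persons to whom the Software is
+* furnished to do so, under the terms of the COPYING file.
+*
+* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+* KIND, either express or implied.
+*
+* SPDX-License-Identifier: curl
+*
+***************************************************************************/
+#include "test.h"
+#include "memdebug.h"
+int test(char *URL)
+{
+CURL *curl;
+CURLcode res = CURLE_OK;
+struct curl_slist *connect_to = NULL;
+struct curl_slist *list = NULL, *tmp;
+global_init(CURL_GLOBAL_ALL);
+easy_init(curl);
+easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+easy_setopt(curl, CURLOPT_AWS_SIGV4, "xxx");
+easy_setopt(curl, CURLOPT_URL, URL);
+if(libtest_arg2) {
+connect_to = curl_slist_append(connect_to, libtest_arg2);
+if(!connect_to) {
+res = CURLE_FAILED_INIT;
+goto test_cleanup;
+}
+}
+easy_setopt(curl, CURLOPT_CONNECT_TO, connect_to);
+list = curl_slist_append(list, "Content-Type: application/json");
+tmp = curl_slist_append(list, "X-Xxx-Date: 19700101T000000Z");
+if(!list || !tmp) {
+res = CURLE_FAILED_INIT;
+goto test_cleanup;
+}
+list = tmp;
+easy_setopt(curl, CURLOPT_HTTPHEADER, list);
+res = curl_easy_perform(curl);
+test_cleanup:
+curl_slist_free_all(connect_to);
+curl_slist_free_all(list);
+curl_easy_cleanup(curl);
+curl_global_cleanup();
+return res;
+}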
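Review bot: The header-list setup at `list = curl_slist_append(list, ...)` followed by `tmp = curl_slist_append(list, ...)` leaks on a partial failure: if the first append fails, `list` stays NULL, the second append then builds a fresh one-node list in `tmp`, and the `if(!list || !tmp)` branch abandons it because test_cleanup only frees `list`. Since memdebug.h is included, the torture harness would presumably report that as a leak rather than a clean CURLE_FAILED_INIT. Checking each append on its own keeps ownership in `list` at every step.
```c
  list = curl_slist_append(list, "Content-Type: application/json");
  if(!list) {
    res = CURLE_FAILED_INIT;
    goto test_cleanup;
  }
  tmp = curl_slist_append(list, "X-Xxx-Date: 19700101T000000Z");
  if(!tmp) {
    res = CURLE_FAILED_INIT;
    goto test_cleanup;
  }
  list = tmp;
  /* … unchanged: CURLOPT_HTTPHEADER, curl_easy_perform, test_cleanup … */
```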