gitlab-com-seaweedfs/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2024-01-19 02:48:24 +00:00
Code Issues Projects Releases Wiki Activity

do md5 validation AFTER decompression

Browse source
This commit is contained in:
Kimbsen 2020-06-24 13:35:13 +02:00
parent 6b1e93ba0b
commit ffddecebef
1 changed files with 11 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
weed/storage/needle/needle_parse_upload.go
View file

@ -81,6 +81,16 @@ func ParseUpload(r *http.Request, sizeLimit int64) (pu *ParsedUpload, e error) {
}
}
}
if expectedChecksum := r.Header.Get("Content-MD5"); expectedChecksum != "" {
h := md5.New()
h.Write(pu.UncompressedData)
if receivedChecksum := fmt.Sprintf("%x", h.Sum(nil)); expectedChecksum != receivedChecksum {
e = fmt.Errorf("Content-MD5 did not match md5 of file data [%s] != [%s]", expectedChecksum, receivedChecksum)
return
}
}
return
}
@ -96,21 +106,6 @@ func parsePut(r *http.Request, sizeLimit int64, pu *ParsedUpload) (e error) {
return nil
}
type ChecksumReader struct {
h hash.Hash
r io.Reader
}
func (cr *ChecksumReader) Read(p []byte) (int, error) {
n, err := cr.r.Read(p)
cr.h.Write(p[:n])
return n, err
}
func (cr *ChecksumReader) Checksum() string {
return fmt.Sprintf("%x", cr.h.Sum(nil))
}
func parseMultipart(r *http.Request, sizeLimit int64, pu *ParsedUpload) (e error) {
defer func() {
if e != nil && r.Body != nil {
@ -138,26 +133,7 @@ func parseMultipart(r *http.Request, sizeLimit int64, pu *ParsedUpload) (e error
pu.FileName = path.Base(pu.FileName)
}
reader := io.LimitReader(part, sizeLimit+1)
if expectedChecksum := r.Header.Get("Content-MD5"); expectedChecksum != "" {
if r.Header.Get("Content-Encoding") == "gzip" {
gr, err := gzip.NewReader(reader)
if err != nil {
e = fmt.Errorf("Content-Encoding == gzip but content was not gzipped: %s", err)
return
}
reader = gr
}
cr := &ChecksumReader{md5.New(), reader}
pu.Data, e = ioutil.ReadAll(cr)
if expectedChecksum != cr.Checksum() {
e = fmt.Errorf("Content-MD5 did not match md5 of file data [%s] != [%s]", expectedChecksum, cr.Checksum())
return
}
} else {
pu.Data, e = ioutil.ReadAll(reader)
}
pu.Data, e = ioutil.ReadAll(io.LimitReader(part, sizeLimit+1))
if e != nil {
glog.V(0).Infoln("Reading Content [ERROR]", e)
return