diff options
| -rw-r--r-- | weed/s3api/chunked_reader_v4.go | 1 | ||||
| -rw-r--r-- | weed/s3api/chunked_reader_v4_test.go | 11 |
2 files changed, 10 insertions, 2 deletions
diff --git a/weed/s3api/chunked_reader_v4.go b/weed/s3api/chunked_reader_v4.go index 39d8336f0..c21b57009 100644 --- a/weed/s3api/chunked_reader_v4.go +++ b/weed/s3api/chunked_reader_v4.go @@ -369,7 +369,6 @@ func (cr *s3ChunkedReader) Read(buf []byte) (n int, err error) { // If we're at the end of a chunk. if cr.n == 0 { cr.state = readChunkTrailer - continue } case verifyChunk: // Check if we have credentials for signature verification diff --git a/weed/s3api/chunked_reader_v4_test.go b/weed/s3api/chunked_reader_v4_test.go index c9bad1d8a..b797bf340 100644 --- a/weed/s3api/chunked_reader_v4_test.go +++ b/weed/s3api/chunked_reader_v4_test.go @@ -285,7 +285,16 @@ func TestSignedStreamingUploadInvalidSignature(t *testing.T) { // Build the chunked payload with INTENTIONALLY WRONG chunk signature // We'll use a modified signature to simulate a tampered request - wrongChunkSignature := strings.Replace(chunk1Signature, "a", "b", 1) + wrongChunkSignatureBytes := []byte(chunk1Signature) + if len(wrongChunkSignatureBytes) > 0 { + // Flip the first hex character to guarantee a different signature + if wrongChunkSignatureBytes[0] == '0' { + wrongChunkSignatureBytes[0] = '1' + } else { + wrongChunkSignatureBytes[0] = '0' + } + } + wrongChunkSignature := string(wrongChunkSignatureBytes) payload := fmt.Sprintf("400;chunk-signature=%s\r\n%s\r\n", wrongChunkSignature, chunk1Data) + fmt.Sprintf("0;chunk-signature=%s\r\n\r\n", finalSignature) |