awssigv4: fix signing of 0-byte object

1. correctly match signature of 0-length chunk 2. initialize lf_bytes Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
2025-02-23 19:17:37 +00:00 · 2024-01-11 18:12:22 -05:00 · 2024-01-11 18:12:22 -05:00 · dc3063786c
commit dc3063786c
parent e2a65f1d07
5 changed files with 14 additions and 4 deletions
--- a/qa/workunits/rgw/jcksum/file-0b
+++ b/qa/workunits/rgw/jcksum/file-0b
--- a/qa/workunits/rgw/jcksum/src/main/java/io/ceph/jcksum/jcksum.java
+++ b/qa/workunits/rgw/jcksum/src/main/java/io/ceph/jcksum/jcksum.java
@ -42,6 +42,7 @@ public class jcksum {
 	/* files containing test data of the corresponding names/sizes */
 	public static Stream<String> inputFileNames() {
 	    return Stream.of(
+          "file-0b",
 	    		"file-8b",
 	    		"file-200b",
 	    		"file-21983b",
--- a/qa/workunits/rgw/test_awssdkv4_sig.sh
+++ b/qa/workunits/rgw/test_awssdkv4_sig.sh
@ -39,4 +39,4 @@ pushd jcksum
 ./mvnw clean package
 ./mvnw test -Dtest=PutObjects

-exit 0
+exit
--- a/src/rgw/rgw_auth_s3.cc
+++ b/src/rgw/rgw_auth_s3.cc
@ -1187,10 +1187,18 @@ bool AWSv4ComplMulti::is_signature_mismatched()
 		     << calc_signature << dendl;
    ldout(cct(), 16) << "AWSv4ComplMulti: prev_chunk_signature="
 		     << prev_chunk_signature << dendl;
-
  }

-  if (chunk_meta.get_signature() != calc_signature) {
+  auto match_signatures = [&]() -> bool {
+    /* sentinel case: 0-length chunk, likely chunk 0 */
+    if (chunk_meta.get_offset() == 0) [[unlikely]] {
+      return chunk_meta.get_signature() == prev_chunk_signature;
+    }
+    /* all other cases */
+    return chunk_meta.get_signature() == calc_signature;
+  };
+
+  if (! match_signatures()) [[unlikely]] {
    ldout(cct(), 16) << "AWSv4ComplMulti: ERROR: chunk signature mismatch"
                   << dendl;
    return true;
@ -1198,7 +1206,7 @@ bool AWSv4ComplMulti::is_signature_mismatched()
    prev_chunk_signature = chunk_meta.get_signature();
    return false;
  }
-}
+} /* AWSv4ComplMulti::is_signature_mismatched */

 AWSv4ComplMulti::ReceiveChunkResult AWSv4ComplMulti::recv_chunk(
  char* const buf, const size_t buf_max, uint32_t cnt, bool& eof)
--- a/src/rgw/rgw_auth_s3.h
+++ b/src/rgw/rgw_auth_s3.h
@ -410,6 +410,7 @@ class AWSv4ComplMulti : public rgw::auth::Completer,
      /* The evolving state. */
      chunk_meta(ChunkMeta::create_first(
 		   seed_signature, flags, 0 /* first call in cycle */)),
+      lf_bytes(0),
      stream_pos(0),
      sha256_hash(calc_hash_sha256_open_stream()),
      prev_chunk_signature(std::move(seed_signature))