Merge pull request #8803 from tangledbytes/utkarsh/backport/5.17.x/8715

liranmauda · web-flow · commit a08180c4015e · 2025-02-18T11:39:54.000+02:00
[Backport 5.17] Fix key and bucket length checks - make it byte count
diff --git a/src/endpoint/s3/s3_rest.js b/src/endpoint/s3/s3_rest.js
@@ -13,6 +13,7 @@ const time_utils = require('../../util/time_utils');
 const http_utils = require('../../util/http_utils');
 const signature_utils = require('../../util/signature_utils');
 const config = require('../../../config');
+const s3_utils = require('./s3_utils');
 
 const S3_MAX_BODY_LEN = 4 * 1024 * 1024;
 
@@ -341,10 +342,10 @@ function get_bucket_and_key(req) {
         }
     }
 
-    if (key?.length > config.S3_MAX_KEY_LENGTH) {
+    if (key?.length && !s3_utils.verify_string_byte_length(key, config.S3_MAX_KEY_LENGTH)) {
         throw new S3Error(S3Error.KeyTooLongError);
     }
-    if (bucket?.length > config.S3_MAX_BUCKET_NAME_LENGTH) {
+    if (bucket?.length && !s3_utils.verify_string_byte_length(bucket, config.S3_MAX_BUCKET_NAME_LENGTH)) {
         throw new S3Error(S3Error.InvalidBucketName);
     }
 
diff --git a/src/endpoint/s3/s3_utils.js b/src/endpoint/s3/s3_utils.js
@@ -724,6 +724,24 @@ function parse_restore_request_days(req) {
     return days;
 }
 
+/**
+ * Returns true if the byte length of the key
+ * is within the range [0, max_length]
+ * @param {string} key 
+ * @param {number} max_length 
+ * @returns 
+ */
+function verify_string_byte_length(key, max_length) {
+    // Fast path
+    const MAX_UTF8_WIDTH = 4;
+    if (key.length * MAX_UTF8_WIDTH <= max_length) {
+        return true;
+    }
+
+    // Slow path
+    return Buffer.byteLength(key, 'utf8') <= max_length;
+}
+
 exports.STORAGE_CLASS_STANDARD = STORAGE_CLASS_STANDARD;
 exports.STORAGE_CLASS_GLACIER = STORAGE_CLASS_GLACIER;
 exports.STORAGE_CLASS_GLACIER_IR = STORAGE_CLASS_GLACIER_IR;
@@ -763,3 +781,4 @@ exports.parse_version_id = parse_version_id;
 exports.get_object_owner = get_object_owner;
 exports.get_default_object_owner = get_default_object_owner;
 exports.set_response_supported_storage_classes = set_response_supported_storage_classes;
+exports.verify_string_byte_length = verify_string_byte_length;

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@ const time_utils = require('../../util/time_utils');`
`13`	`13`	`const http_utils = require('../../util/http_utils');`
`14`	`14`	`const signature_utils = require('../../util/signature_utils');`
`15`	`15`	`const config = require('../../../config');`
	`16`	`+const s3_utils = require('./s3_utils');`
`16`	`17`
`17`	`18`	`const S3_MAX_BODY_LEN = 4 * 1024 * 1024;`
`18`	`19`
`@@ -341,10 +342,10 @@ function get_bucket_and_key(req) {`
`341`	`342`	`}`
`342`	`343`	`}`
`343`	`344`
`344`		`- if (key?.length > config.S3_MAX_KEY_LENGTH) {`
	`345`	`+ if (key?.length && !s3_utils.verify_string_byte_length(key, config.S3_MAX_KEY_LENGTH)) {`
`345`	`346`	`throw new S3Error(S3Error.KeyTooLongError);`
`346`	`347`	`}`
`347`		`- if (bucket?.length > config.S3_MAX_BUCKET_NAME_LENGTH) {`
	`348`	`+ if (bucket?.length && !s3_utils.verify_string_byte_length(bucket, config.S3_MAX_BUCKET_NAME_LENGTH)) {`
`348`	`349`	`throw new S3Error(S3Error.InvalidBucketName);`
`349`	`350`	`}`
`350`	`351`