aws-sigv4: make signature work when post data is binary

User sets the post fields size for binary data.  Hence, we should not be
using strlen on it.

Added test 1937 and 1938 to verify.

Closes #7844

diff --git a/.mailmap b/.mailmap
index 7ecb619ca58a01d4270d34e7a5b51b56e22069e1..32dd541a23895a486f089f71c0ff2cd842f71c3b 100644 (file)
--- a/.mailmap
+++ b/.mailmap
@@ -80,3 +80,4 @@ Michał Antoniak <47522782+MAntoniak@users.noreply.github.com>
 Gleb Ivanovsky <gl.ivanovsky@gmail.com>
 Max Dymond <max.dymond@microsoft.com> <max.dymond@metaswitch.com>
 Max Dymond <max.dymond@microsoft.com> <cmeister2@gmail.com>
+Abhinav Singh <theawless@gmail.com>

diff --git a/lib/http_aws_sigv4.c b/lib/http_aws_sigv4.c
index 8b87e1f08ddc75ddcbb33fb458d6c580ee27837e..cbbecb712987dd13768d9037d2fd06aaa3aabd41 100644 (file)
--- a/lib/http_aws_sigv4.c
+++ b/lib/http_aws_sigv4.c
@@ -92,6 +92,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
   char *signed_headers = NULL;
   Curl_HttpReq httpreq;
   const char *method;
+  size_t post_data_len;
   const char *post_data = data->set.postfields ? data->set.postfields : "";
   unsigned char sha_hash[32];
   char sha_hex[65];
@@ -281,8 +282,12 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
     goto fail;
   }
 
+  if(data->set.postfieldsize < 0)
+    post_data_len = strlen(post_data);
+  else
+    post_data_len = (size_t)data->set.postfieldsize;
   Curl_sha256it(sha_hash,
-                (const unsigned char *) post_data, strlen(post_data));
+                (const unsigned char *) post_data, post_data_len);
   sha256_to_hex(sha_hex, sha_hash, sizeof(sha_hex));
 
   Curl_http_method(data, conn, &method, &httpreq);

diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index ffdabb4c827f98024964cccbbabe751868379f18..79e720fa56897b2ba23cf2174dadb2c08a0f65f4 100644 (file)
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -215,7 +215,7 @@ test1800 test1801 \
 test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \
 test1916 test1917 test1918 \
 \
-test1933 test1934 test1935 test1936 \
+test1933 test1934 test1935 test1936 test1937 test1938 \
 \
 test2000 test2001 test2002 test2003 test2004 \
 \

diff --git a/tests/data/test1937 b/tests/data/test1937
new file mode 100644 (file)
index 0000000..e24445a
--- /dev/null
+++ b/tests/data/test1937
@@ -0,0 +1,72 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+CURLOPT_AWS_SIGV4
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+Location: /%TESTNUMBER0002
+
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+
+</data2>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+# this relies on the debug feature which allow to set the time
+<features>
+SSL
+debug
+crypto
+</features>
+
+<name>
+HTTP POST with AWS_SIGV4
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+
+<command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER/testapi/test
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+^Content-Type:.*
+^Accept:.*
+</strip>
+<protocol nonewline="yes">
+POST /%TESTNUMBER/testapi/test HTTP/1.1\r
+Host: %HOSTIP:%HTTPPORT\r
+Authorization: PROVIDER14-HMAC-SHA256 Credential=keyId/19700101/region/service/provider14_request, SignedHeaders=content-type;host;x-provider2-date, Signature=391e410177d0e9ee80728082446ef69d6b29157fe71f8b4805fce7c186fd956d\r
+X-Provider2-Date: 19700101T000000Z\r
+Content-Length: 8\r
+\r
+postData
+</protocol>
+</verify>
+</testcase>

diff --git a/tests/data/test1938 b/tests/data/test1938
new file mode 100644 (file)
index 0000000..5341de0
Binary files /dev/null and b/tests/data/test1938 differ

diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index ade1012905d3c48920915433c2f80ba53b77104e..8cea7c0146db65863c6e3cd76e6fd2004b45b8c8 100644 (file)
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@@ -61,7 +61,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect                \
  lib1591 lib1592 lib1593 lib1594 lib1596 \
          lib1905 lib1906 lib1907 lib1908 lib1910 lib1911 lib1912 lib1913 \
          lib1915 lib1916 lib1917 lib1918 lib1933 lib1934 lib1935 lib1936 \
-         lib3010
+ lib1937 lib1938 lib3010
 
 chkdecimalpoint_SOURCES = chkdecimalpoint.c ../../lib/mprintf.c \
  ../../lib/curl_ctype.c  ../../lib/dynbuf.c ../../lib/strdup.c
@@ -707,6 +707,14 @@ lib1936_SOURCES = lib1936.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1936_LDADD = $(TESTUTIL_LIBS)
 lib1936_CPPFLAGS = $(AM_CPPFLAGS)
 
+lib1937_SOURCES = lib1937.c $(SUPPORTFILES)
+lib1937_LDADD = $(TESTUTIL_LIBS)
+lib1937_CPPFLAGS = $(AM_CPPFLAGS)
+
+lib1938_SOURCES = lib1938.c $(SUPPORTFILES)
+lib1938_LDADD = $(TESTUTIL_LIBS)
+lib1938_CPPFLAGS = $(AM_CPPFLAGS)
+
 lib3010_SOURCES = lib3010.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib3010_LDADD = $(TESTUTIL_LIBS)
 lib3010_CPPFLAGS = $(AM_CPPFLAGS)

diff --git a/tests/libtest/lib1937.c b/tests/libtest/lib1937.c
new file mode 100644 (file)
index 0000000..d544de0
--- /dev/null
+++ b/tests/libtest/lib1937.c
@@ -0,0 +1,64 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "test.h"
+
+#include "memdebug.h"
+
+int test(char *URL)
+{
+  CURL *curl;
+  CURLcode res = TEST_ERR_MAJOR_BAD;
+  struct curl_slist *list = NULL;
+
+  if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed\n");
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  curl = curl_easy_init();
+  if(!curl) {
+    fprintf(stderr, "curl_easy_init() failed\n");
+    curl_global_cleanup();
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  test_setopt(curl, CURLOPT_VERBOSE, 1L);
+  test_setopt(curl, CURLOPT_POST, 1L);
+  test_setopt(curl, CURLOPT_AWS_SIGV4, "provider1:provider2:region:service");
+  test_setopt(curl, CURLOPT_USERPWD, "keyId:SecretKey");
+  test_setopt(curl, CURLOPT_HEADER, 0L);
+  test_setopt(curl, CURLOPT_URL, URL);
+  list = curl_slist_append(list, "Content-Type: application/json");
+  test_setopt(curl, CURLOPT_HTTPHEADER, list);
+  test_setopt(curl, CURLOPT_POSTFIELDS, "postData");
+
+  res = curl_easy_perform(curl);
+
+test_cleanup:
+
+  curl_slist_free_all(list);
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+
+  return res;
+}

diff --git a/tests/libtest/lib1938.c b/tests/libtest/lib1938.c
new file mode 100644 (file)
index 0000000..3ddd35c
--- /dev/null
+++ b/tests/libtest/lib1938.c
@@ -0,0 +1,66 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "test.h"
+
+#include "memdebug.h"
+
+int test(char *URL)
+{
+  CURL *curl;
+  CURLcode res = TEST_ERR_MAJOR_BAD;
+  struct curl_slist *list = NULL;
+  unsigned char data[] = {0x70, 0x6f, 0x73, 0x74, 0, 0x44, 0x61, 0x74, 0x61};
+
+  if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed\n");
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  curl = curl_easy_init();
+  if(!curl) {
+    fprintf(stderr, "curl_easy_init() failed\n");
+    curl_global_cleanup();
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  test_setopt(curl, CURLOPT_VERBOSE, 1L);
+  test_setopt(curl, CURLOPT_POST, 1L);
+  test_setopt(curl, CURLOPT_AWS_SIGV4, "provider1:provider2:region:service");
+  test_setopt(curl, CURLOPT_USERPWD, "keyId:SecretKey");
+  test_setopt(curl, CURLOPT_HEADER, 0L);
+  test_setopt(curl, CURLOPT_URL, URL);
+  list = curl_slist_append(list, "Content-Type: application/json");
+  test_setopt(curl, CURLOPT_HTTPHEADER, list);
+  test_setopt(curl, CURLOPT_POSTFIELDS, data);
+  test_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)sizeof(data));
+
+  res = curl_easy_perform(curl);
+
+test_cleanup:
+
+  curl_slist_free_all(list);
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+
+  return res;
+}