Reviewed: https://review.openstack.org/255067
Committed: https://git.openstack.org/cgit/openstack/swift3/commit/?id=4fce274c50112e02360993c4eeaafe811fcc757c
Submitter: Jenkins
Branch: master
commit 4fce274c50112e02360993c4eeaafe811fcc757c
Author: Kota Tsuyuzaki <email address hidden>
Date: Wed Nov 25 14:16:06 2015 -0800
Fix date validation
According to [1] when an Authorization header is specified, either a
Date or x-amz-date header needs to be specified, with the x-amz-date
header taking precedence.
Now, the x-amz-date header is validated first, and if both headers are
missing, an AccessDenied error should be returned. This should prevent
replay attacks occurring on valid requests that are missing the Date
header.
[1] http://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html
N.B. This also fixes some pylint issues and dependencies
Closes-Bug: 1497424
SecurityImpact
[CVE-2015-8466]
Co-Authored-By: Darryl Tam <email address hidden>
Co-Authored-By: Tim Burke <email address hidden>
Change-Id: Ibeff8503fa147e1cf08c1b5374aecee7a4c0bee2
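
The header rule described in the commit message above, as an added Python sketch that is not the swift3 patch itself: x-amz-date is validated first and takes precedence over Date, and a signed request with neither is rejected. The function and exception names, the 15-minute skew window, the accepted timestamp formats and the sample request are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_SKEW = timedelta(minutes=15)  # assumed window; the commit message names none
# Constructed sample request (not taken from the page).
SAMPLE = {"Authorization": "AWS EXAMPLEKEY:sig",
          "Date": "Wed, 25 Nov 2015 22:16:06 GMT"}


class AccessDenied(Exception):
    """Hypothetical stand-in for the S3 AccessDenied error response."""


class RequestTimeTooSkewed(Exception):
    """Hypothetical stand-in for a 'timestamp too old or too new' error."""


def parse_timestamp(value):
    """Parse an ISO 8601 basic or HTTP-date string into an aware UTC datetime."""
    parsers = (lambda v: datetime.strptime(v, "%Y%m%dT%H%M%SZ"),
               parsedate_to_datetime)
    for parser in parsers:
        try:
            dt = parser(value)
        except (TypeError, ValueError):
            continue
        if dt.tzinfo is None:  # no offset given: treat as UTC
            dt = dt.replace(tzinfo=timezone.utc)
        return dt.astimezone(timezone.utc)
    raise AccessDenied("unparseable date header")


def signed_request_time(headers, now):
    """Return the timestamp a signed request is bound to, or raise."""
    h = {k.lower(): v for k, v in headers.items()}
    if "authorization" not in h:
        return None  # unsigned request: the rule does not apply
    if "x-amz-date" in h:  # validated first, takes precedence over Date
        ts = parse_timestamp(h["x-amz-date"])
    elif "date" in h:
        ts = parse_timestamp(h["date"])
    else:
        # Both missing: the request carries no time at all, so a captured
        # copy would stay valid indefinitely. Reject it.
        raise AccessDenied("Date or x-amz-date header required")
    if abs(now - ts) > MAX_SKEW:
        raise RequestTimeTooSkewed(ts.isoformat())
    return ts
```

Because x-amz-date is checked first, a malformed or stale x-amz-date fails the request even when a fresh Date header is also present.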