Commit 587a5ae8 authored by Antony Chazapis's avatar Antony Chazapis

Check only user-defined meta for size limits.

Fixes #2053
parent b761f9eb
......@@ -119,8 +119,18 @@ def get_header_prefix(request, prefix):
# TODO: Document or remove '~' replacing.
return dict([(format_header_key(k[5:]), v.replace('~', '')) for k, v in request.META.iteritems() if k.startswith(prefix) and len(k) > len(prefix)])
def check_meta_headers(meta):
if len(meta) > 90:
raise BadRequest('Too many headers.')
for k, v in meta.iteritems():
if len(k) > 128:
raise BadRequest('Header name too large.')
if len(v) > 256:
raise BadRequest('Header value too large.')
def get_account_headers(request):
meta = get_header_prefix(request, 'X-Account-Meta-')
check_meta_headers(meta)
groups = {}
for k, v in get_header_prefix(request, 'X-Account-Group-').iteritems():
n = k[16:].lower()
......@@ -151,6 +161,7 @@ def put_account_headers(response, meta, groups, policy):
def get_container_headers(request):
meta = get_header_prefix(request, 'X-Container-Meta-')
check_meta_headers(meta)
policy = dict([(k[19:].lower(), v.replace(' ', '')) for k, v in get_header_prefix(request, 'X-Container-Policy-').iteritems()])
return meta, policy
......@@ -174,6 +185,7 @@ def put_container_headers(request, response, meta, policy):
def get_object_headers(request):
content_type = request.META.get('CONTENT_TYPE', None)
meta = get_header_prefix(request, 'X-Object-Meta-')
check_meta_headers(meta)
if request.META.get('HTTP_CONTENT_ENCODING'):
meta['Content-Encoding'] = request.META['HTTP_CONTENT_ENCODING']
if request.META.get('HTTP_CONTENT_DISPOSITION'):
......@@ -782,16 +794,9 @@ def get_backend():
return backend
def update_request_headers(request):
# Handle URL-encoded keys and values.
# Handle URL-encoded keys and values.
meta = dict([(k, v) for k, v in request.META.iteritems() if k.startswith('HTTP_')])
if len(meta) > 90:
raise BadRequest('Too many headers.')
for k, v in meta.iteritems():
if len(k) > 128:
raise BadRequest('Header name too large.')
if len(v) > 256:
raise BadRequest('Header value too large.')
try:
k.decode('ascii')
v.decode('ascii')
......
......@@ -44,9 +44,9 @@ class Groups(DBWorker):
DBWorker.__init__(self, **params)
metadata = MetaData()
columns=[]
columns.append(Column('owner', String(255), primary_key=True))
columns.append(Column('name', String(255), primary_key=True))
columns.append(Column('member', String(255), primary_key=True))
columns.append(Column('owner', String(256), primary_key=True))
columns.append(Column('name', String(256), primary_key=True))
columns.append(Column('member', String(256), primary_key=True))
self.groups = Table('groups', metadata, *columns, mysql_engine='InnoDB')
# place an index on member
......
......@@ -122,8 +122,7 @@ class Node(DBWorker):
ondelete='CASCADE',
onupdate='CASCADE'),
autoincrement=False))
path_length = 2048
columns.append(Column('path', String(path_length), default='', nullable=False))
columns.append(Column('path', String(2048), default='', nullable=False))
self.nodes = Table('nodes', metadata, *columns, mysql_engine='InnoDB')
Index('idx_nodes_path', self.nodes.c.path, unique=True)
......@@ -134,8 +133,8 @@ class Node(DBWorker):
ondelete='CASCADE',
onupdate='CASCADE'),
primary_key=True))
columns.append(Column('key', String(255), primary_key=True))
columns.append(Column('value', String(255)))
columns.append(Column('key', String(128), primary_key=True))
columns.append(Column('value', String(256)))
self.policies = Table('policy', metadata, *columns, mysql_engine='InnoDB')
#create statistics table
......@@ -159,14 +158,14 @@ class Node(DBWorker):
ForeignKey('nodes.node',
ondelete='CASCADE',
onupdate='CASCADE')))
columns.append(Column('hash', String(255)))
columns.append(Column('hash', String(256)))
columns.append(Column('size', BigInteger, nullable=False, default=0))
columns.append(Column('type', String(255), nullable=False, default=''))
columns.append(Column('type', String(256), nullable=False, default=''))
columns.append(Column('source', Integer))
columns.append(Column('mtime', DECIMAL(precision=16, scale=6)))
columns.append(Column('muser', String(255), nullable=False, default=''))
columns.append(Column('muser', String(256), nullable=False, default=''))
columns.append(Column('uuid', String(64), nullable=False, default=''))
columns.append(Column('checksum', String(255), nullable=False, default=''))
columns.append(Column('checksum', String(256), nullable=False, default=''))
columns.append(Column('cluster', Integer, nullable=False, default=0))
self.versions = Table('versions', metadata, *columns, mysql_engine='InnoDB')
Index('idx_versions_node_mtime', self.versions.c.node, self.versions.c.mtime)
......@@ -179,9 +178,9 @@ class Node(DBWorker):
ondelete='CASCADE',
onupdate='CASCADE'),
primary_key=True))
columns.append(Column('domain', String(255), primary_key=True))
columns.append(Column('key', String(255), primary_key=True))
columns.append(Column('value', String(255)))
columns.append(Column('domain', String(256), primary_key=True))
columns.append(Column('key', String(128), primary_key=True))
columns.append(Column('value', String(256)))
self.attributes = Table('attributes', metadata, *columns, mysql_engine='InnoDB')
metadata.create_all(self.engine)
......
......@@ -62,7 +62,7 @@ class XFeatures(DBWorker):
primary_key=True))
columns.append(Column('key', Integer, primary_key=True,
autoincrement=False))
columns.append(Column('value', String(255), primary_key=True))
columns.append(Column('value', String(256), primary_key=True))
self.xfeaturevals = Table('xfeaturevals', metadata, *columns, mysql_engine='InnoDB')
metadata.create_all(self.engine)
......
......@@ -1416,7 +1416,7 @@ class ObjectPost(BaseTestCase):
self.containers[0],
self.obj[0]['name']):
#perform update metadata
more = {'foo':'foo', 'bar':'bar'}
more = {'foo': 'foo', 'bar': 'bar', 'f' * 114: 'b' * 256}
status = self.client.update_object_metadata(self.containers[0],
self.obj[0]['name'],
**more)[0]
......@@ -1431,6 +1431,13 @@ class ObjectPost(BaseTestCase):
for k,v in more.items():
self.assertTrue(k in headers.keys())
self.assertTrue(headers[k], v)
#out of limits
more = {'f' * 114: 'b' * 257}
self.assert_raises_fault(400, self.client.update_object_metadata,
self.containers[0],
self.obj[0]['name'],
**more)
def test_update_object(self,
first_byte_pos=0,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment