awssigv4: fix signing of 0-byte object

1. correctly match signature of 0-length chunk
2. initialize lf_bytes

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

diff --git a/qa/workunits/rgw/jcksum/file-0b b/qa/workunits/rgw/jcksum/file-0b
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/qa/workunits/rgw/jcksum/src/main/java/io/ceph/jcksum/jcksum.java b/qa/workunits/rgw/jcksum/src/main/java/io/ceph/jcksum/jcksum.java
index cc1632f256311b97d434409942e0075e36c151c5..8ac68a27e3c34daf5c6ced6568a8aa3340a20b19 100644 (file)
--- a/qa/workunits/rgw/jcksum/src/main/java/io/ceph/jcksum/jcksum.java
+++ b/qa/workunits/rgw/jcksum/src/main/java/io/ceph/jcksum/jcksum.java
@@ -42,6 +42,7 @@ public class jcksum {
        /* files containing test data of the corresponding names/sizes */
        public static Stream<String> inputFileNames() {
            return Stream.of(
+          "file-0b",
                        "file-8b",
                        "file-200b",
                        "file-21983b",

diff --git a/qa/workunits/rgw/test_awssdkv4_sig.sh b/qa/workunits/rgw/test_awssdkv4_sig.sh
index fa06d875cfcc826723f2a27b66af8e30003df358..0f1cfeb2c07537494eb07960b12d188180f09756 100755 (executable)
--- a/qa/workunits/rgw/test_awssdkv4_sig.sh
+++ b/qa/workunits/rgw/test_awssdkv4_sig.sh
@@ -39,4 +39,4 @@ pushd jcksum
 ./mvnw clean package
 ./mvnw test -Dtest=PutObjects
 
-exit 0
+exit

diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc
index 765d19bfa6899a2365ac711d5a6c106edb096efa..86ea87388dbb744cebd3d9d22fe664da69d323e0 100644 (file)
--- a/src/rgw/rgw_auth_s3.cc
+++ b/src/rgw/rgw_auth_s3.cc
@@ -1187,10 +1187,18 @@ bool AWSv4ComplMulti::is_signature_mismatched()
                     << calc_signature << dendl;
     ldout(cct(), 16) << "AWSv4ComplMulti: prev_chunk_signature="
                     << prev_chunk_signature << dendl;
-
   }
 
-  if (chunk_meta.get_signature() != calc_signature) {
+  auto match_signatures = [&]() -> bool {
+    /* sentinel case: 0-length chunk, likely chunk 0 */
+    if (chunk_meta.get_offset() == 0) [[unlikely]] {
+      return chunk_meta.get_signature() == prev_chunk_signature;
+    }
+    /* all other cases */
+    return chunk_meta.get_signature() == calc_signature;
+  };
+
+  if (! match_signatures()) [[unlikely]] {
     ldout(cct(), 16) << "AWSv4ComplMulti: ERROR: chunk signature mismatch"
                    << dendl;
     return true;
@@ -1198,7 +1206,7 @@ bool AWSv4ComplMulti::is_signature_mismatched()
     prev_chunk_signature = chunk_meta.get_signature();
     return false;
   }
-}
+} /* AWSv4ComplMulti::is_signature_mismatched */
 
 AWSv4ComplMulti::ReceiveChunkResult AWSv4ComplMulti::recv_chunk(
   char* const buf, const size_t buf_max, uint32_t cnt, bool& eof)

diff --git a/src/rgw/rgw_auth_s3.h b/src/rgw/rgw_auth_s3.h
index f6876820056538cbe6e8645061190ac5ddcc1018..b2b1238f3130144aa108a30d38d9e2865018af2c 100644 (file)
--- a/src/rgw/rgw_auth_s3.h
+++ b/src/rgw/rgw_auth_s3.h
@@ -410,6 +410,7 @@ class AWSv4ComplMulti : public rgw::auth::Completer,
       /* The evolving state. */
       chunk_meta(ChunkMeta::create_first(
                   seed_signature, flags, 0 /* first call in cycle */)),
+      lf_bytes(0),
       stream_pos(0),
       sha256_hash(calc_hash_sha256_open_stream()),
       prev_chunk_signature(std::move(seed_signature))