Abhishek Pal created HDDS-14802:
-----------------------------------
Summary: Canonical path is not properly formed in S3
Key: HDDS-14802
URL: https://issues.apache.org/jira/browse/HDDS-14802
Project: Apache Ozone
Issue Type: Bug
Components: S3
Reporter: Abhishek Pal
Assignee: Rakesh Radhakrishnan
Currently the canonical path generation is not being properly followed by Ozone.
AWS S3 specs require that a 3-byte character starting with % be encoded
as is.
However, we encode the % sign as well.
Take the following example.
If we create a file named "folder%2Ffile.txt", this gets encoded to
"folder%252Ffile.txt", where %25 is the encoding of "%" in the original file
name.
We do not hit this bug directly, as the aws cli treats folder/file.txt and
folder%2Ffile.txt as separate entities due to the encoding of "%". However, the
edge case can be triggered by a small script.
{code:bash}
EP='<enter endpoint for S3 gateway>'
B='testbuck'
# 1) Put only folder/file.txt
echo 'sigv4-path-test' > /tmp/sigv4.txt
aws s3api --endpoint-url "$EP" --no-verify-ssl \
put-object --bucket "$B" --key 'folder/file.txt' --body /tmp/sigv4.txt
# 2) Generate valid presigned URL for folder/file.txt
URL=$(aws s3 presign "s3://$B/folder/file.txt" \
--endpoint-url "$EP" --no-verify-ssl --expires-in 300)
echo "GOOD URL: $URL"
# 3) Call good URL (should be 200)
curl -k -i "$URL" | sed -n '1,8p'
# 4) Mutate ONLY the path: folder/file.txt -> folder%2Ffile.txt
BAD_URL=$(printf '%s\n' "$URL" | sed 's#folder/file.txt#folder%2Ffile.txt#')
echo "MUTATED URL: $BAD_URL"
# 5) Call mutated URL
curl -k -i "$BAD_URL" | sed -n '1,12p'
{code}
This code should actually produce a 403 SignatureDoesNotMatch error, since the mutation is done
after the pre-sign.
However, due to Ozone encoding the file differently, we are able to access
"folder/file.txt" even when we cURL "folder%2Ffile.txt".
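To make the failure mode concrete, here is an added, self-contained model of the canonical-URI step of SigV4 verification (example code written for this report, not Ozone's implementation). It contrasts using the request path verbatim, as S3 requires, with decoding and re-encoding it, and shows that only the latter lets the mutated path verify against the signature minted for "folder/file.txt". The secret key, host, date and region are constructed placeholders, and the canonical request is simplified to the fields relevant here.

```python
import hashlib
import hmac
import urllib.parse

# Constructed placeholder credential, not a real key.
SECRET = "constructed-secret-key-not-real"


def canonical_uri_verbatim(raw_path: str) -> str:
    """S3 rule: the canonical URI is the path exactly as the client sent it
    (already URI-encoded once). No decoding, no re-encoding."""
    return raw_path


def canonical_uri_decode_reencode(raw_path: str) -> str:
    """Models the faulty strategy: decode the received path, then encode it
    again with '/' kept literal. A '%2F' sent by the client becomes a real '/'
    and survives re-encoding as '/', so folder%2Ffile.txt collapses into
    folder/file.txt and the two requests get the same canonical URI."""
    decoded = urllib.parse.unquote(raw_path)
    return urllib.parse.quote(decoded, safe="/~")


def signature(secret, raw_path, canonical_uri_fn, date="20240101", region="us-east-1"):
    """Simplified SigV4: canonical request -> string to sign -> HMAC chain."""
    canonical_request = "\n".join([
        "GET",
        canonical_uri_fn(raw_path),
        "X-Amz-Algorithm=AWS4-HMAC-SHA256",  # canonical query string (trimmed)
        "host:s3.example.test\n",            # canonical headers (constructed host)
        "host",                              # signed headers
        "UNSIGNED-PAYLOAD",
    ])
    scope = f"{date}/{region}/s3/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", f"{date}T000000Z", scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    key = ("AWS4" + secret).encode()
    for part in (date, region, "s3", "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()


def mutated_url_accepted(canonical_uri_fn) -> bool:
    """True if the signature minted for folder/file.txt also verifies for the
    mutated path folder%2Ffile.txt under the given canonical-URI strategy."""
    good = signature(SECRET, "/testbuck/folder/file.txt", canonical_uri_fn)
    mutated = signature(SECRET, "/testbuck/folder%2Ffile.txt", canonical_uri_fn)
    return good == mutated
```

Verifying against the verbatim path rejects the mutated URL, while decode-and-re-encode accepts it, which is the 200 the script above observes.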
--
This message was sent by Atlassian Jira
(v8.20.10#820010)