[PR #555] [MERGED] don't sign empty headers (as they are discarded by libcurl) #1546

New issue

Closed

opened 2026-03-04 02:00:59 +03:00 by kerem · 0 comments

kerem commented

2026-03-04 02:00:59 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/s3fs-fuse/s3fs-fuse/pull/555
Author: @orozery
Created: 4/2/2017
Status: ✅ Merged
Merged: 4/16/2017
Merged by: @ggtakec

Base: master ← Head: dont_sign_empty_headers

📝 Commits (1)

3bcca75 don't sign empty headers (as they are discarded by libcurl)

📊 Changes

1 file changed (+12 additions, -0 deletions)

View changed files

📝 src/curl.cpp (+12 -0)

📄 Description

Details

The AWSv4 signature function signs all request headers, including those with an empty string value.
Those headers with empty value are later discarded by libcurl (i.e. they are not sent to the s3 server).
This lead to a situation of a bad signature.

For example, this invalid request was generated:
POST /ozeri/rand10m5?uploads= HTTP/1.1
host: <...>
User-Agent: s3fs/1.80 (commit hash unknown; OpenSSL)
Authorization: AWS4-HMAC-SHA256 Credential=<...>, SignedHeaders=accept;content-length;content-type;host;x-amz-acl;x-amz-content-sha256;x-amz-date;x-amz-meta-gid;x-amz-meta-mode;x-amz-meta-mtime;x-amz-meta-uid, Signature=<...>
Content-Type: application/octet-stream
x-amz-acl: private
x-amz-content-sha256: <...>
x-amz-date: <...>
x-amz-meta-gid: 0
x-amz-meta-mode: 33188
x-amz-meta-mtime: <...>
x-amz-meta-uid: 0

Note that the Authorization string contains accept;content-length in the signedheaders list, but this headers don't actually appear in the request.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/s3fs-fuse/s3fs-fuse/pull/555 **Author:** [@orozery](https://github.com/orozery) **Created:** 4/2/2017 **Status:** ✅ Merged **Merged:** 4/16/2017 **Merged by:** [@ggtakec](https://github.com/ggtakec) **Base:** `master` ← **Head:** `dont_sign_empty_headers` --- ### 📝 Commits (1) - [`3bcca75`](https://github.com/s3fs-fuse/s3fs-fuse/commit/3bcca75a886680dfab2b6ef579f18eb0a6df96f5) don't sign empty headers (as they are discarded by libcurl) ### 📊 Changes **1 file changed** (+12 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `src/curl.cpp` (+12 -0) </details> ### 📄 Description #### Details The AWSv4 signature function signs all request headers, including those with an empty string value. Those headers with empty value are later discarded by libcurl (i.e. they are not sent to the s3 server). This lead to a situation of a bad signature. For example, this invalid request was generated: POST /ozeri/rand10m5?uploads= HTTP/1.1 host: <...> User-Agent: s3fs/1.80 (commit hash unknown; OpenSSL) Authorization: AWS4-HMAC-SHA256 Credential=<...>, SignedHeaders=accept;content-length;content-type;host;x-amz-acl;x-amz-content-sha256;x-amz-date;x-amz-meta-gid;x-amz-meta-mode;x-amz-meta-mtime;x-amz-meta-uid, Signature=<...> Content-Type: application/octet-stream x-amz-acl: private x-amz-content-sha256: <...> x-amz-date: <...> x-amz-meta-gid: 0 x-amz-meta-mode: 33188 x-amz-meta-mtime: <...> x-amz-meta-uid: 0 Note that the Authorization string contains accept;content-length in the signedheaders list, but this headers don't actually appear in the request. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>