From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id D40681FF138 for ; Wed, 04 Mar 2026 10:55:10 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B42455DD1; Wed, 4 Mar 2026 10:56:14 +0100 (CET) From: Hannes Laimer To: pbs-devel@lists.proxmox.com Subject: [PATCH proxmox] s3-client: fix double URI encoding of copy_object destination key Date: Wed, 4 Mar 2026 10:55:14 +0100 Message-ID: <20260304095514.27118-1-h.laimer@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1772618114946 X-SPAM-LEVEL: Spam detection results: 0 AWL -1.002 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.668 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.322 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 1.141 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: 4ENYVY5T5BVZ3BSNWOKJTML3J7RZL5UK X-Message-ID-Hash: 4ENYVY5T5BVZ3BSNWOKJTML3J7RZL5UK X-MailFrom: h.laimer@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: build_uri() already calls aws_sign_v4_uri_encode() on its path argument, so pre-encoding the destination key in copy_object() caused characters like ':' to be encoded twice ('%3A' -> '%253A'). The server decodes the URL path once, leaving '%3A' literally in the stored object key instead of ':'. The copy source header still requires explicit encoding since it is not routed through build_uri(). Signed-off-by: Hannes Laimer --- proxmox-s3-client/src/client.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/proxmox-s3-client/src/client.rs b/proxmox-s3-client/src/client.rs index 83176b39..34ac3e8f 100644 --- a/proxmox-s3-client/src/client.rs +++ b/proxmox-s3-client/src/client.rs @@ -598,7 +598,6 @@ impl S3Client { let copy_source = source_key.to_copy_source_key(bucket, &self.options.common_prefix); let copy_source = aws_sign_v4_uri_encode(©_source, true); let destination_key = destination_key.to_full_key(&self.options.common_prefix); - let destination_key = aws_sign_v4_uri_encode(&destination_key, true); let request = Request::builder() .method(Method::PUT) .uri(self.build_uri(&destination_key, &[])?) -- 2.47.3