From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id A605C1FF138 for ; Wed, 04 Mar 2026 11:15:38 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 9909D676D; Wed, 4 Mar 2026 11:16:42 +0100 (CET) Message-ID: <303ee0a4-ae83-4b3f-8bcb-1481b6a6071b@proxmox.com> Date: Wed, 4 Mar 2026 11:16:07 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH proxmox] s3-client: fix double URI encoding of copy_object destination key To: Hannes Laimer , pbs-devel@lists.proxmox.com References: <20260304095514.27118-1-h.laimer@proxmox.com> Content-Language: en-US, de-DE From: Christian Ebner In-Reply-To: <20260304095514.27118-1-h.laimer@proxmox.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1772619342388 X-SPAM-LEVEL: Spam detection results: 0 AWL -1.014 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.668 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.322 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 1.141 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: H4JNA2UHEOUR2W7B2I3SRXP63EFSF2XQ X-Message-ID-Hash: H4JNA2UHEOUR2W7B2I3SRXP63EFSF2XQ X-MailFrom: c.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Thanks for the patch! On 3/4/26 10:55 AM, Hannes Laimer wrote: > build_uri() already calls aws_sign_v4_uri_encode() on its path argument, > so pre-encoding the destination key in copy_object() caused characters > like ':' to be encoded twice ('%3A' -> '%253A'). The server decodes the > URL path once, leaving '%3A' literally in the stored object key instead > of ':'. > > The copy source header still requires explicit encoding since it is not > routed through build_uri(). Currently this is only used to rename corrupt chunks on the S3 backend, therefore unnoticed since there the object keys do not contain characters to be uri encoded. > Signed-off-by: Hannes Laimer > --- > proxmox-s3-client/src/client.rs | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/proxmox-s3-client/src/client.rs b/proxmox-s3-client/src/client.rs > index 83176b39..34ac3e8f 100644 > --- a/proxmox-s3-client/src/client.rs > +++ b/proxmox-s3-client/src/client.rs > @@ -598,7 +598,6 @@ impl S3Client { > let copy_source = source_key.to_copy_source_key(bucket, &self.options.common_prefix); > let copy_source = aws_sign_v4_uri_encode(©_source, true); > let destination_key = destination_key.to_full_key(&self.options.common_prefix); > - let destination_key = aws_sign_v4_uri_encode(&destination_key, true); > let request = Request::builder() > .method(Method::PUT) > .uri(self.build_uri(&destination_key, &[])?) Reviewed-by: Christian Ebner