From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 1D44B1FF16F for ; Tue, 22 Jul 2025 12:11:00 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 383BE35BC7; Tue, 22 Jul 2025 12:12:01 +0200 (CEST) From: Christian Ebner To: pbs-devel@lists.proxmox.com Date: Tue, 22 Jul 2025 12:10:19 +0200 Message-ID: <20250722101106.526438-4-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250722101106.526438-1-c.ebner@proxmox.com> References: <20250722101106.526438-1-c.ebner@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1753179078586 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.044 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox v11 3/4] s3 client: Add missing S3 object key max length check X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" S3 object keys are limited to 1024 bytes, including the path components and separating slashes in addition to the filename. Check the length when creating the key from a string. Signed-off-by: Christian Ebner Reviewed-by: Lukas Wagner Reviewed-by: Hannes Laimer Tested-by: Lukas Wagner Tested-by: Hannes Laimer --- changes since version 10: - no changes proxmox-s3-client/examples/s3_client.rs | 4 ++-- proxmox-s3-client/src/object_key.rs | 26 ++++++++++++++++++------- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/proxmox-s3-client/examples/s3_client.rs b/proxmox-s3-client/examples/s3_client.rs index c65ceb83..1cbb3939 100644 --- a/proxmox-s3-client/examples/s3_client.rs +++ b/proxmox-s3-client/examples/s3_client.rs @@ -46,7 +46,7 @@ async fn run() -> Result<(), anyhow::Error> { // Check if the bucket can be accessed s3_client.head_bucket().await?; - let rel_object_key = S3ObjectKey::from("object.txt"); + let rel_object_key = S3ObjectKey::try_from("object.txt")?; let body = proxmox_http::Body::empty(); let replace_existing_key = true; let _response = s3_client @@ -63,7 +63,7 @@ async fn run() -> Result<(), anyhow::Error> { .await?; // Delete a single object - let rel_object_key = S3ObjectKey::from("object.txt"); + let rel_object_key = S3ObjectKey::try_from("object.txt")?; let _response = s3_client.delete_object(rel_object_key).await?; Ok(()) } diff --git a/proxmox-s3-client/src/object_key.rs b/proxmox-s3-client/src/object_key.rs index 49959b6e..327e8ac7 100644 --- a/proxmox-s3-client/src/object_key.rs +++ b/proxmox-s3-client/src/object_key.rs @@ -1,4 +1,8 @@ -use anyhow::Error; +use anyhow::{bail, Error}; + +/// Byte limit for s3 object keys. +/// See https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html +const S3_OBJECT_KEY_MAX_LENGTH: usize = 1024; #[derive(Clone, Debug)] /// S3 Object Key @@ -9,13 +13,21 @@ pub enum S3ObjectKey { Relative(String), } -impl core::convert::From<&str> for S3ObjectKey { - fn from(s: &str) -> Self { - if let Some(s) = s.strip_prefix("/") { - Self::Full(s.to_string()) +impl core::convert::TryFrom<&str> for S3ObjectKey { + type Error = Error; + + fn try_from(s: &str) -> Result { + let (key, key_byte_length) = if let Some(s) = s.strip_prefix("/") { + (Self::Full(s.to_string()), s.as_bytes().len()) } else { - Self::Relative(s.to_string()) + (Self::Relative(s.to_string()), s.as_bytes().len()) + }; + if key_byte_length > S3_OBJECT_KEY_MAX_LENGTH { + bail!( + "Object key length of {key_byte_length} exceeds limit of {S3_OBJECT_KEY_MAX_LENGTH}", + ); } + Ok(key) } } impl S3ObjectKey { @@ -56,7 +68,7 @@ impl std::str::FromStr for S3ObjectKey { type Err = Error; fn from_str(s: &str) -> Result { - Ok(Self::from(s)) + Self::try_from(s) } } -- 2.47.2 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel