
martin

Re: S3: buffer overflow for long access key

Please consider submitting this also directly to libs3:
https://github.com/bji/libs3
martin

Re: S3: buffer overflow for long access key

Thanks for your report.

This issue has been added to the tracker:
https://winscp.net/tracker/1914
stw

S3: buffer overflow for long access key

Connecting to a MinIO (S3-compatible) server via the S3 protocol does not work in certain conditions, because there seems to be a buffer overflow in WinSCP which causes invalid headers to be sent.

WinSCP sends this header:
Authorization: AWS4-HMAC-SHA256 Credential=__ACCESS_KEY__/st01/s3/aws4_reque__SIGN__,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=__SIGN__


A valid header would look like this:
Authorization: AWS4-HMAC-SHA256 Credential=__ACCESS_KEY__/20201016/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=__SIGN__


So the Credential value sent is truncated and also includes the signature (most probably because of a buffer overflow, because it works when using shorter access keys).

Access key and secret key length are both 64 characters in this case.

//edit: looks like key-length is hardcoded to 32 (!)
https://github.com/winscp/winscp/blob/83ef71faa26704532f19048da86ed4c7cbb64694/libs/libs3/inc/util.h#L74

https://github.com/winscp/winscp/pull/15

WinSCP 5.17.8 b10803 on Win10 1909
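
The failure mode reported above, as an added example that is not WinSCP or libs3 code: a SigV4 credential scope is formatted into a buffer sized for a 32-character access key, once without checking for truncation and once with a check that rejects the 64-character key. The constant names, buffer layout and function names are assumptions made for this sketch, and it shows only the truncation, not the signature overlap seen in the header above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes for this sketch: the buffer assumes a 32-character key. */
#define ASSUMED_MAX_KEY_LEN 32
/* key + '/' + 8-digit date + '/' + region (<= 32) + "/s3/aws4_request" + NUL */
#define CRED_BUF_SIZE (ASSUMED_MAX_KEY_LEN + 1 + 8 + 1 + 32 + sizeof("/s3/aws4_request"))

/* Unchecked: the return value is ignored, so an over-long key silently
 * produces a truncated credential scope. */
static void build_credential_unchecked(char *out, size_t out_size,
        const char *key, const char *date, const char *region)
{
    (void)snprintf(out, out_size, "%s/%.8s/%s/s3/aws4_request", key, date, region);
}

/* Checked: returns 0 on success, -1 if the scope does not fit (or on error). */
static int build_credential_checked(char *out, size_t out_size,
        const char *key, const char *date, const char *region)
{
    int n = snprintf(out, out_size, "%s/%.8s/%s/s3/aws4_request", key, date, region);
    if (n < 0 || (size_t)n >= out_size) {
        if (out_size > 0) out[0] = '\0';   /* never hand back a partial scope */
        return -1;
    }
    return 0;
}

/* Returns 1 if the scope ends with the mandatory "/s3/aws4_request" suffix. */
static int scope_is_complete(const char *cred)
{
    static const char suffix[] = "/s3/aws4_request";
    size_t len = strlen(cred), slen = sizeof(suffix) - 1;
    return len >= slen && strcmp(cred + len - slen, suffix) == 0;
}

int main(void)
{
    char key64[65], buf[CRED_BUF_SIZE];
    memset(key64, 'A', 64);                /* constructed 64-character key */
    key64[64] = '\0';
    build_credential_unchecked(buf, sizeof buf, key64, "20201016", "us-east-1");
    printf("unchecked: %s (complete=%d)\n", buf, scope_is_complete(buf));
    printf("checked rc=%d\n",
           build_credential_checked(buf, sizeof buf, key64, "20201016", "us-east-1"));
    return 0;
}
```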