aws/signer/v4: Fix out of bounds panic in stripExcessSpaces

Fixes the out of bands panic in stripExcessSpaces caused by an incorrect calculation of the stripToIdx value. Simplified to code also. Fix #1411
aws · Jul 21, 2017 · 6802c15 · 6802c15
1 parent 0aadb9e
commit 6802c15
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 12 deletions.
diff --git a/aws/signer/v4/v4.go b/aws/signer/v4/v4.go
@@ -735,23 +735,25 @@ func stripExcessSpaces(headerVals []string) []string {
 
 		buf := []byte(trimmed)
 		for idx > -1 {
-			stripToIdx := -1
-			for j := idx + 1; j < len(buf); j++ {
+			idx++ // Start on the second space
+
+			stripped := false
+			for j := idx; j < len(buf); j++ {
 				if buf[j] != ' ' {
-					buf = append(buf[:idx+1], buf[j:]...)
-					stripToIdx = j - idx - 1
+					buf = append(buf[:idx], buf[j:]...)
+					stripped = true
 					break
 				}
 			}
+			if !stripped {
+				break
+			}
 
-			if stripToIdx >= 0 {
-				// Find next double space
-				idx = bytes.Index(buf[stripToIdx:], doubleSpaceBytes)
-				if idx >= 0 {
-					idx += stripToIdx
-				}
-			} else {
-				idx = -1
+			// Find next double space
+			origIdx := idx
+			idx = bytes.Index(buf[idx:], doubleSpaceBytes)
+			if idx > 0 {
+				idx += origIdx
 			}
 		}
 

diff --git a/aws/signer/v4/v4_test.go b/aws/signer/v4/v4_test.go
@@ -30,6 +30,8 @@ func TestStripExcessHeaders(t *testing.T) {
 		" 1  2  ",
 		"12   3",
 		"12   3   1",
+		"12           3     1",
+		"12     3       1abc123",
 	}
 
 	expected := []string{
@@ -43,6 +45,8 @@ func TestStripExcessHeaders(t *testing.T) {
 		"1 2",
 		"12 3",
 		"12 3 1",
+		"12 3 1",
+		"12 3 1abc123",
 	}
 
 	newVals := stripExcessSpaces(vals)