Fix race in S3HttpHandler overwrite protection

kvanerum · kvanerum · commit 8e8f3e78dd41 · 2025-08-21T21:17:25.000+02:00
diff --git a/test/fixtures/s3-fixture/src/main/java/fixture/s3/S3HttpHandler.java b/test/fixtures/s3-fixture/src/main/java/fixture/s3/S3HttpHandler.java
@@ -208,11 +208,16 @@ public void handle(final HttpExchange exchange) throws IOException {
                     } else {
                         final var blobContents = upload.complete(extractPartEtags(Streams.readFully(exchange.getRequestBody())));
 
-                        if (isProtectOverwrite(exchange) && blobs.containsKey(request.path())) {
-                            preconditionFailed = true;
-                            responseBody = null;
+                        if (isProtectOverwrite(exchange)) {
+                            var previousValue = blobs.putIfAbsent(request.path(), blobContents);
+                            if (previousValue != null) {
+                                preconditionFailed = true;
+                            }
                         } else {
                             blobs.put(request.path(), blobContents);
+                        }
+
+                        if (preconditionFailed == false) {
                             responseBody = ("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
                                 + "<CompleteMultipartUploadResult>\n"
                                 + "<Bucket>"
@@ -222,6 +227,8 @@ public void handle(final HttpExchange exchange) throws IOException {
                                 + request.path()
                                 + "</Key>\n"
                                 + "</CompleteMultipartUploadResult>").getBytes(StandardCharsets.UTF_8);
+                        } else {
+                            responseBody = null;
                         }
                     }
                 }
@@ -241,27 +248,50 @@ public void handle(final HttpExchange exchange) throws IOException {
             } else if (request.isPutObjectRequest()) {
                 // a copy request is a put request with an X-amz-copy-source header
                 final var copySource = copySourceName(exchange);
-                if (isProtectOverwrite(exchange) && blobs.containsKey(request.path())) {
-                    exchange.sendResponseHeaders(RestStatus.PRECONDITION_FAILED.getStatus(), -1);
-                } else if (copySource != null) {
+                if (copySource != null) {
                     var sourceBlob = blobs.get(copySource);
                     if (sourceBlob == null) {
                         exchange.sendResponseHeaders(RestStatus.NOT_FOUND.getStatus(), -1);
                     } else {
-                        blobs.put(request.path(), sourceBlob);
-
-                        byte[] response = ("""
-                            <?xml version="1.0" encoding="UTF-8"?>
-                            <CopyObjectResult></CopyObjectResult>""").getBytes(StandardCharsets.UTF_8);
-                        exchange.getResponseHeaders().add("Content-Type", "application/xml");
-                        exchange.sendResponseHeaders(RestStatus.OK.getStatus(), response.length);
-                        exchange.getResponseBody().write(response);
+                        boolean preconditionFailed = false;
+                        if (isProtectOverwrite(exchange)) {
+                            var previousValue = blobs.putIfAbsent(request.path(), sourceBlob);
+                            if (previousValue != null) {
+                                preconditionFailed = true;
+                            }
+                        } else {
+                            blobs.put(request.path(), sourceBlob);
+                        }
+
+                        if (preconditionFailed) {
+                            exchange.sendResponseHeaders(RestStatus.PRECONDITION_FAILED.getStatus(), -1);
+                        } else {
+                            byte[] response = ("""
+                                <?xml version="1.0" encoding="UTF-8"?>
+                                <CopyObjectResult></CopyObjectResult>""").getBytes(StandardCharsets.UTF_8);
+                            exchange.getResponseHeaders().add("Content-Type", "application/xml");
+                            exchange.sendResponseHeaders(RestStatus.OK.getStatus(), response.length);
+                            exchange.getResponseBody().write(response);
+                        }
                     }
                 } else {
                     final Tuple<String, BytesReference> blob = parseRequestBody(exchange);
-                    blobs.put(request.path(), blob.v2());
-                    exchange.getResponseHeaders().add("ETag", blob.v1());
-                    exchange.sendResponseHeaders(RestStatus.OK.getStatus(), -1);
+                    boolean preconditionFailed = false;
+                    if (isProtectOverwrite(exchange)) {
+                        var previousValue = blobs.putIfAbsent(request.path(), blob.v2());
+                        if (previousValue != null) {
+                            preconditionFailed = true;
+                        }
+                    } else {
+                        blobs.put(request.path(), blob.v2());
+                    }
+
+                    if (preconditionFailed) {
+                        exchange.sendResponseHeaders(RestStatus.PRECONDITION_FAILED.getStatus(), -1);
+                    } else {
+                        exchange.getResponseHeaders().add("ETag", blob.v1());
+                        exchange.sendResponseHeaders(RestStatus.OK.getStatus(), -1);
+                    }
                 }
 
             } else if (request.isListObjectsRequest()) {
diff --git a/test/fixtures/s3-fixture/src/test/java/fixture/s3/S3HttpHandlerTests.java b/test/fixtures/s3-fixture/src/test/java/fixture/s3/S3HttpHandlerTests.java
@@ -32,10 +32,14 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
+import java.util.concurrent.Executors;
+import java.util.concurrent.TimeUnit;
+import java.util.function.Consumer;
 
 import static org.hamcrest.Matchers.allOf;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.greaterThan;
+import static org.hamcrest.Matchers.hasSize;
 
 public class S3HttpHandlerTests extends ESTestCase {
 
@@ -383,35 +387,80 @@ public void testExtractPartEtags() {
 
     }
 
-    public void testPreventObjectOverwrite() {
+    public void testPreventObjectOverwrite() throws InterruptedException {
         final var handler = new S3HttpHandler("bucket", "path");
 
-        final var body = randomBytesReference(50);
-        assertEquals(RestStatus.OK, handleRequest(handler, "PUT", "/bucket/path/blob", body, ifNoneMatchHeader()).status());
-        assertEquals(
-            RestStatus.PRECONDITION_FAILED,
-            handleRequest(handler, "PUT", "/bucket/path/blob", body, ifNoneMatchHeader()).status()
-        );
-
-        // multipart upload
-        final var createUploadResponse = handleRequest(handler, "POST", "/bucket/path/blob?uploads");
-        final var uploadId = getUploadId(createUploadResponse.body());
-
-        final var part1 = randomAlphaOfLength(50);
-        final var uploadPart1Response = handleRequest(handler, "PUT", "/bucket/path/blob?uploadId=" + uploadId + "&partNumber=1", part1);
-        final var part1Etag = Objects.requireNonNull(uploadPart1Response.etag());
-
-        assertEquals(
-            RestStatus.PRECONDITION_FAILED,
-            handleRequest(handler, "POST", "/bucket/path/blob?uploadId=" + uploadId, new BytesArray(Strings.format("""
+        Consumer<TestWriteTask> putObjectConsumer = (task) -> task.status = handleRequest(
+            handler,
+            "PUT",
+            "/bucket/path/blob",
+            task.body,
+            ifNoneMatchHeader()
+        ).status();
+
+        Consumer<TestWriteTask> prepareMultipartUploadConsumer = (task) -> {
+            final var createUploadResponse = handleRequest(handler, "POST", "/bucket/path/blob?uploads");
+            task.uploadId = getUploadId(createUploadResponse.body());
+
+            final var uploadPart1Response = handleRequest(
+                handler,
+                "PUT",
+                "/bucket/path/blob?uploadId=" + task.uploadId + "&partNumber=1",
+                task.body
+            );
+            task.etag = Objects.requireNonNull(uploadPart1Response.etag());
+        };
+
+        Consumer<TestWriteTask> completeMultipartUploadConsumer = (task) -> {
+            task.status = handleRequest(handler, "POST", "/bucket/path/blob?uploadId=" + task.uploadId, new BytesArray(Strings.format("""
                 <?xml version="1.0" encoding="UTF-8"?>
                 <CompleteMultipartUpload xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
                    <Part>
                       <ETag>%s</ETag>
                       <PartNumber>1</PartNumber>
                    </Part>
-                </CompleteMultipartUpload>""", part1Etag)), ifNoneMatchHeader()).status()
+                </CompleteMultipartUpload>""", task.etag)), ifNoneMatchHeader()).status();
+        };
+
+        var tasks = List.of(
+            new TestWriteTask(putObjectConsumer),
+            new TestWriteTask(putObjectConsumer),
+            new TestWriteTask(completeMultipartUploadConsumer, prepareMultipartUploadConsumer),
+            new TestWriteTask(completeMultipartUploadConsumer, prepareMultipartUploadConsumer)
         );
+
+        try (var executor = Executors.newVirtualThreadPerTaskExecutor()) {
+            tasks.forEach(task -> executor.submit(task.consumer));
+            executor.shutdown();
+            var done = executor.awaitTermination(1, TimeUnit.SECONDS);
+            assertTrue(done);
+        }
+
+        List<TestWriteTask> successfulTasks = tasks.stream().filter(task -> task.status == RestStatus.OK).toList();
+        assertThat(successfulTasks, hasSize(1));
+
+        assertEquals(
+            new TestHttpResponse(RestStatus.OK, successfulTasks.getFirst().body, TestHttpExchange.EMPTY_HEADERS),
+            handleRequest(handler, "GET", "/bucket/path/blob")
+        );
+    }
+
+    private static class TestWriteTask {
+        final BytesReference body;
+        final Runnable consumer;
+        String uploadId;
+        String etag;
+        RestStatus status;
+
+        TestWriteTask(Consumer<TestWriteTask> consumer, Consumer<TestWriteTask> prepare) {
+            this(consumer);
+            prepare.accept(this);
+        }
+
+        TestWriteTask(Consumer<TestWriteTask> consumer) {
+            this.body = randomBytesReference(50);
+            this.consumer = () -> consumer.accept(this);
+        }
     }
 
     private void runExtractPartETagsTest(String body, String... expectedTags) {
