signv4: fix sigv4 algorithm

PettitWesley · edsiper · commit 5d50c026dcfc · 2020-01-16T20:49:08.000+10:00
The previous implementation had 2 problems:
- the logic for sorting uri params was incorrect
- the uri encoding for param keys and values needed to encode "/"

In addition, the tests had to be modified to remove the host and
content-length headers that are auto  added when creating an
flb_http_client. In the tests, all headers come from the test
files.

Signed-off-by: Wesley Pettit &lt;wppttt@amazon.com&gt;
diff --git a/src/flb_signv4.c b/src/flb_signv4.c
@@ -85,18 +85,16 @@ static int hmac_sha256_sign(unsigned char out[32],
 
 static int kv_key_cmp(const void *a_arg, const void *b_arg)
 {
+    int ret;
     struct flb_kv *kv_a = *(struct flb_kv **) a_arg;
     struct flb_kv *kv_b = *(struct flb_kv **) b_arg;
 
-    return strcmp(kv_a->key, kv_b->key);
-}
-
-static int kv_val_cmp(const void *a_arg, const void *b_arg)
-{
-    struct flb_kv *kv_a = *(struct flb_kv **) a_arg;
-    struct flb_kv *kv_b = *(struct flb_kv **) b_arg;
+    ret = strcmp(kv_a->key, kv_b->key);
+    if (ret == 0) {
+        ret = strcmp(kv_a->val, kv_b->val);
+    }
 
-    return strcmp(kv_a->val, kv_b->val);
+    return ret;
 }
 
 static inline int to_encode(char c)
@@ -218,6 +216,49 @@ static flb_sds_t uri_encode(const char *uri, size_t len)
     return buf;
 }
 
+/*
+ * Encodes URI parameters, which can not have "/" characters in them
+ * (This happens in an STS request, the role ARN has a slash and is
+ * given as a query parameter).
+ */
+static flb_sds_t uri_encode_params(const char *uri, size_t len)
+{
+    int i;
+    flb_sds_t buf = NULL;
+    flb_sds_t tmp = NULL;
+
+    buf = flb_sds_create_size(len * 2);
+    if (!buf) {
+        flb_error("[signv4] cannot allocate buffer for URI encoding");
+        return NULL;
+    }
+
+    for (i = 0; i < len; i++) {
+        if (to_encode(uri[i]) == FLB_TRUE || uri[i] == '/') {
+            tmp = flb_sds_printf(&buf, "%%%02X", (unsigned char) *(uri + i));
+            if (!tmp) {
+                flb_error("[signv4] error formatting special character");
+                flb_sds_destroy(buf);
+                return NULL;
+            }
+            buf = tmp;
+            continue;
+        }
+
+        /* Direct assignment, just copy the character */
+        if (buf) {
+            tmp = flb_sds_cat(buf, uri + i, 1);
+            if (!tmp) {
+                flb_error("[signv4] error composing outgoing buffer");
+                flb_sds_destroy(buf);
+                return NULL;
+            }
+        }
+    }
+
+    return buf;
+}
+
 /*
  * Convert URL encoded params (query string or POST payload) to a sorted
  * key/value linked list
@@ -261,9 +302,9 @@ static flb_sds_t url_params_format(char *params)
         p++;
 
         /* URI encode every key and value */
-        key = uri_encode(e->str, len);
+        key = uri_encode_params(e->str, len);
         len++;
-        val = uri_encode(p, flb_sds_len(e->str) - len);
+        val = uri_encode_params(p, flb_sds_len(e->str) - len);
         if (!key || !val) {
             flb_error("[signv4] error encoding uri for query string");
             if (key) {
@@ -315,9 +356,6 @@ static flb_sds_t url_params_format(char *params)
     /* sort headers by key */
     qsort(arr, items, sizeof(struct flb_kv *), kv_key_cmp);
 
-    /* re-sort by values (duplicated keys) */
-    qsort(arr, items, sizeof(struct flb_kv *), kv_val_cmp);
-
     /* Format query string parameters */
     buf = flb_sds_create_size(items * 64);
     if (!buf) {
diff --git a/tests/internal/signv4.c b/tests/internal/signv4.c
@@ -292,6 +292,26 @@ static struct flb_http_client *convert_request_file(char *request,
                         req->payload, req->payload ? flb_sds_len(req->payload): -1,
                         NULL, -1, NULL, 0);
 
+    /*
+     * flb_http_client automatically adds host and content-length
+     * for the tests we remove these since all headers come from
+     * the the test file
+     */
+     mk_list_foreach(head, &c->headers) {
+         kv = mk_list_entry(head, struct flb_kv, _head);
+         if (strncasecmp(kv->key, "Host", 4) == 0) {
+             flb_kv_item_destroy(kv);
+             break;
+         }
+     }
+     mk_list_foreach(head, &c->headers) {
+         kv = mk_list_entry(head, struct flb_kv, _head);
+         if (strncasecmp(kv->key, "Content-Length", 14) == 0) {
+             flb_kv_item_destroy(kv);
+             break;
+         }
+     }
+
     /* Append registered headers */
     mk_list_foreach(head, &req->headers) {
         kv = mk_list_entry(head, struct flb_kv, _head);
