Skip to content

Commit

Permalink
object: Limit header length to 16KB
Browse files Browse the repository at this point in the history
Previously, NeoFS used 4MB as object header's length limit. The value
originally resulted from the default max gRPC message length.

Now header length can be up to 16KB only. To ensure the safety of data
uploaded before the restriction was introduced, this limit does not
apply to intra-container replication.

Refs nspcc-dev/neofs-api#262.

Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
  • Loading branch information
cthulhu-rider committed Feb 22, 2024
1 parent d54311b commit 1c5dd30
Showing 3 changed files with 17 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -9,6 +9,7 @@ Changelog for NeoFS Node
- Inability to deploy contract with non-standard zone via neofs-adm

### Changed
- Storage nodes no longer accept objects with header larger than 16KB (#xxx)

### Removed

7 changes: 7 additions & 0 deletions pkg/core/object/fmt.go
Original file line number Diff line number Diff line change
@@ -12,6 +12,13 @@ import (
"github.com/nspcc-dev/neofs-sdk-go/storagegroup"
)

// MaxHeaderLen is a maximum allowed length of binary object header to be
// created via NeoFS API protocol.
const MaxHeaderLen = 16 << 10

// ErrMaxHeaderLenExceeded is returned when [MaxHeaderLen] is exceeded.
var ErrMaxHeaderLenExceeded = errors.New("max object header length exceeded")

// FormatValidator represents an object format validator.
type FormatValidator struct {
*cfg
9 changes: 9 additions & 0 deletions pkg/services/object/acl/v2/service.go
Original file line number Diff line number Diff line change
@@ -8,6 +8,7 @@ import (
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
"github.com/nspcc-dev/neofs-node/pkg/core/container"
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
objectcore "github.com/nspcc-dev/neofs-node/pkg/core/object"
"github.com/nspcc-dev/neofs-node/pkg/services/object"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
"github.com/nspcc-dev/neofs-sdk-go/container/acl"
@@ -516,6 +517,14 @@ func (p putStreamBasicChecker) Send(request *objectV2.PutRequest) error {
return err
}

// if not a replication request, check max header size
if reqInfo.requestRole != acl.RoleContainer || request.GetMetaHeader().GetTTL() != 1 {
hdrLen := part.GetHeader().StableSize()
if hdrLen > objectcore.MaxHeaderLen {
return fmt.Errorf("%w: %d>%d", objectcore.ErrMaxHeaderLenExceeded, hdrLen, objectcore.MaxHeaderLen)

Check warning on line 524 in pkg/services/object/acl/v2/service.go

Codecov / codecov/patch

pkg/services/object/acl/v2/service.go#L521-L524

Added lines #L521 - L524 were not covered by tests
}
}

reqInfo.obj = obj

if !p.source.checker.CheckBasicACL(reqInfo) || !p.source.checker.StickyBitCheck(reqInfo, idOwner) {

0 comments on commit 1c5dd30

Please sign in to comment.