Skip to content

Commit

Permalink
avoid leaks during zip download and multi-object downloads (#3481)
Browse files Browse the repository at this point in the history
  • Loading branch information
@harshavardhana
harshavardhana authored Dec 3, 2024
1 parent 0b8af38 commit 6afd0b1
Show file tree
Hide file tree
Showing 6 changed files with 50 additions and 54 deletions.
54 changes: 27 additions & 27 deletions .github/workflows/jobs.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -64,7 +64,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -112,7 +112,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
steps:
# To build minio image, we need to clone the repository first
- name: Clone github.com/minio/minio
Expand Down Expand Up @@ -150,7 +150,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -189,7 +189,7 @@ jobs:
timeout-minutes: 10
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -243,7 +243,7 @@ jobs:
timeout-minutes: 10
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -296,7 +296,7 @@ jobs:
timeout-minutes: 10
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -348,7 +348,7 @@ jobs:
timeout-minutes: 10
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -400,7 +400,7 @@ jobs:
timeout-minutes: 15
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -448,7 +448,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -496,7 +496,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -544,7 +544,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -595,7 +595,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -648,7 +648,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -683,7 +683,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -720,7 +720,7 @@ jobs:

strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]

steps:
- name: Check out code
Expand Down Expand Up @@ -817,7 +817,7 @@ jobs:

strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]

steps:
- name: Check out code
Expand Down Expand Up @@ -867,7 +867,7 @@ jobs:
echo "replace github.com/minio/console => ../" >> go.mod
echo "updates to go.mod needed; to update it: go mod tidy"
go mod tidy -compat=1.22
go mod tidy -compat=1.23
echo "Get git version to build MinIO Image";
VERSION=`git rev-parse HEAD`;
Expand Down Expand Up @@ -901,7 +901,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -956,7 +956,7 @@ jobs:
echo "download golang x tools"
go mod download golang.org/x/tools
echo "go mod tidy compat mode"
go mod tidy -compat=1.22
go mod tidy -compat=1.23
echo "go build gocoverage.go"
go build gocovmerge.go
echo "put together the outs for final coverage resolution"
Expand Down Expand Up @@ -1027,7 +1027,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -1069,7 +1069,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -1109,7 +1109,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -1137,7 +1137,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand All @@ -1164,7 +1164,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -1192,7 +1192,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -1220,7 +1220,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/vulncheck.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.22
go-version: 1.23.3
check-latest: true
- name: Get official govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
Expand All @@ -33,7 +33,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [ 1.22 ]
go-version: [ 1.23.x ]
os: [ ubuntu-latest ]
steps:
- name: Check out code
Expand Down
14 changes: 0 additions & 14 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,21 +25,7 @@ A graphical user interface for [MinIO](https://github.com/minio/minio)

<!-- markdown-toc end -->

## Install

MinIO Console is a library that provides a management and browser UI overlay for the MinIO Server.
The standalone binary installation path has been removed.

In case a Console standalone binary is needed, it can be generated by building this package from source as follows:

### Build from source

> You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install).
> Minimum version required is go1.22
```
go install github.com/minio/console/cmd/console@latest
```

## Setup

Expand Down
18 changes: 14 additions & 4 deletions api/user_objects.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -550,10 +550,13 @@ func getDownloadFolderResponse(session *models.Principal, params objectApi.Downl
Modified: modified,
})
if err != nil {
object.Close()
// Ignore errors, move to next
continue
}

_, err = io.Copy(f, object)
object.Close()
if err != nil {
// We have a partial object, report error.
pw.CloseWithError(err)
Expand Down Expand Up @@ -650,14 +653,17 @@ func getMultipleFilesDownloadResponse(session *models.Principal, params objectAp
// Ignore errors, move to next
continue
}
modified, _ := time.Parse(time.RFC3339, obj.LastModified)

modified, _ := time.Parse(time.RFC3339, obj.LastModified)
f, err := addToZip(name, modified)
if err != nil {
object.Close()
// Ignore errors, move to next
continue
}

_, err = io.Copy(f, object)
object.Close()
if err != nil {
// We have a partial object, report error.
pw.CloseWithError(err)
Expand All @@ -666,13 +672,14 @@ func getMultipleFilesDownloadResponse(session *models.Principal, params objectAp
}

} else {
// add selected individual object
objectData, err := mClient.StatObject(ctx, params.BucketName, dObj, minio.StatObjectOptions{})
object, err := mClient.GetObject(ctx, params.BucketName, dObj, minio.GetObjectOptions{})
if err != nil {
// Ignore errors, move to next
continue
}
object, err := mClient.GetObject(ctx, params.BucketName, dObj, minio.GetObjectOptions{})

// add selected individual object
objectData, err := object.Stat()
if err != nil {
// Ignore errors, move to next
continue
Expand All @@ -683,10 +690,13 @@ func getMultipleFilesDownloadResponse(session *models.Principal, params objectAp
objectName := prefixes[len(prefixes)-1]
f, err := addToZip(objectName, objectData.LastModified)
if err != nil {
object.Close()
// Ignore errors, move to next
continue
}

_, err = io.Copy(f, object)
object.Close()
if err != nil {
// We have a partial object, report error.
pw.CloseWithError(err)
Expand Down
6 changes: 3 additions & 3 deletions go.mod
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/minio/console

go 1.22
go 1.23

require (
github.com/blang/semver/v4 v4.0.0
Expand All @@ -24,6 +24,7 @@ require (
github.com/minio/madmin-go/v3 v3.0.68
github.com/minio/mc v0.0.0-20240815155011-479171e7be9c
github.com/minio/minio-go/v7 v7.0.81-0.20241125171916-a563333c01ef
github.com/minio/pkg/v3 v3.0.22
github.com/minio/selfupdate v0.6.0
github.com/minio/websocket v1.6.0
github.com/mitchellh/go-homedir v1.1.0
Expand All @@ -35,14 +36,13 @@ require (
golang.org/x/crypto v0.28.0
golang.org/x/net v0.30.0
golang.org/x/oauth2 v0.22.0

// Added to include security fix for
// https://github.com/golang/go/issues/56152
golang.org/x/text v0.19.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
)

require github.com/minio/pkg/v3 v3.0.22

require (
aead.dev/mem v0.2.0 // indirect
aead.dev/minisign v0.3.0 // indirect
Expand Down
Loading

0 comments on commit 6afd0b1

Please sign in to comment.