awscurl generates an incorrect request signature when user-supplied hostname includes capital letters. #186

@bfrobin446

The command

```
awscurl --service sts -X POST -d 'Action=GetCallerIdentity&Version=2011-06-15' -H 'Content-Type: application/x-www-form-urlencoded' https://sts.us-east-1.amazonaws.com
```

successfully calls the GetCallerIdentity operation and returns a response.

If I change the URL by capitalizing some of the letters in the hostname,

```
awscurl --service sts -X POST -d 'Action=GetCallerIdentity&Version=2011-06-15' -H 'Content-Type: application/x-www-form-urlencoded' https://STS.us-east-1.amazonaws.com
```

I get a SignatureDoesNotMatch error.

The code apparently assumes that the header values are already in their canonical form at the point where a comment describes how to canonicalize them (`# and value must be trimmed and lowercase, and sorted in ASCII order.`), but a mixed-case hostname reaches this point without ever being lowercased.
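
A minimal SigV4 signer illustrating the report, added here as an example; it is not awscurl's code. The function name, the `normalize_host` switch, the secret key and the timestamp are constructed for illustration, and it assumes the mismatch arises because the signed `Host` value differs in case from the one the service verifies against.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample inputs (not real credentials).
SECRET_KEY = "EXAMPLE-SECRET-KEY-NOT-REAL"
AMZ_DATE = "20240101T000000Z"
BODY = "Action=GetCallerIdentity&Version=2011-06-15"

def sigv4_signature(url, body=BODY, region="us-east-1", service="sts",
                    normalize_host=True):
    """Return the hex SigV4 signature for a form POST of `body` to `url`."""
    parts = urlsplit(url)
    host = parts.netloc
    if normalize_host:
        # Hostnames are case-insensitive, so always sign the lowercase form.
        host = host.lower()
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Host": host,
        "X-Amz-Date": AMZ_DATE,
    }
    # Canonical headers: lowercase names, trimmed values, sorted by name.
    canon = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    canonical_headers = "".join(f"{k}:{v}\n" for k, v in canon)
    signed_headers = ";".join(k for k, _ in canon)
    canonical_request = "\n".join([
        "POST", parts.path or "/", parts.query,  # query is empty in this example
        canonical_headers, signed_headers,
        hashlib.sha256(body.encode()).hexdigest(),
    ])
    date = AMZ_DATE[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", AMZ_DATE, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Derive the signing key: date -> region -> service -> "aws4_request".
    key = ("AWS4" + SECRET_KEY).encode()
    for step in (date, region, service, "aws4_request"):
        key = hmac.new(key, step.encode(), hashlib.sha256).digest()
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

if __name__ == "__main__":
    for u in ("https://sts.us-east-1.amazonaws.com", "https://STS.us-east-1.amazonaws.com"):
        print(u, sigv4_signature(u), sigv4_signature(u, normalize_host=False))
```

With `normalize_host=True` both URLs produce the same signature; with it off, the `STS` URL yields a different one, which is the condition under which a verifier working from the lowercase hostname rejects the request.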
