Protect the signature process against null terminators

[Dalzhim]

Describe the feature

The following code leads to painful request signature issues for which solutions are hard to come by:

std::string region = GetRegionFromIMDSv2();
if (!region.empty()) {
    // Erase the character that represents the availability zone (i.e. : a, b, c, d)
    region[region.length() - 1] = '\0';
}

The reason this is a problem is that the null terminator is part of the std::string's content. When the AWSAuthV4Signer.cpp builds the Authorization header for the request, it inserts the region into a StringStream, including the null-terminator. Later in the process, the header is effectively truncated in the middle of the Credential parameter and the other parameters (SignedHeaders and Signature) are completely cut off.

Use Case

Prevent obscure and preventable errors caused by unanticipated use of the SDK.

Proposed Solution

It would be trivial to prevent this kind of issue by streaming the underlying char* buffer of the string to defend against this kind of issue, like so: sstr << regionStr.c_str().

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

[bhavya2109sharma]

Hello @Dalzhim,

Thanks for reaching out.
Could you please share your use case and an enough self-contained code which can reproduce the issue.

Thanks,
Bhavya

[Dalzhim]

If you start with the PutMetricData example in the AWS documentation:

Aws::CloudWatch::CloudWatchClient cw;

Aws::CloudWatch::Model::Dimension dimension;
dimension.SetName("UNIQUE_PAGES");
dimension.SetValue("URLS");

Aws::CloudWatch::Model::MetricDatum datum;
datum.SetMetricName("PAGES_VISITED");
datum.SetUnit(Aws::CloudWatch::Model::StandardUnit::None);
datum.SetValue(data_point);
datum.AddDimensions(dimension);

Aws::CloudWatch::Model::PutMetricDataRequest request;
request.SetNamespace("SITE/TRAFFIC");
request.AddMetricData(datum);

auto outcome = cw.PutMetricData(request);
if (!outcome.IsSuccess())
{
    std::cout << "Failed to put sample metric data:" <<
        outcome.GetError().GetMessage() << std::endl;
}
else
{
    std::cout << "Successfully put sample metric data" << std::endl;
}

You just need to change the first line with the following snippet in order to reproduce the issue:

std::string region = "us-east-1a";
region.back() = '\0';
Aws::Client::ClientConfiguration clientConfig;
clientConfig.region = region;
Aws::CloudWatch::CloudWatchClient cw{clientConfig};

Now is it important to be able to proceed this way? Not inherently. What's important though is that applying the proposed solution can help save a lot of time to the library users who unknowingly break the signature process.

[bhavya2109sharma]

Hello @Dalzhim

Thanks for providing the information.
In the latest versions of C++, the standard way of handling strings is that the null terminator is considered part of the string. If the customer wants to remove the last character of the string, they should use a method like str.pop_back() instead of manually setting the last character to '\0'. Also, Customer should protect the signature against null terminators as SDK cannot do at their side.

Thanks,
Bhavya

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.