added 20kb limit for put bucket policy

Issue : CLDSRV-700

Author: SylvainSenechal

constants.js

@@ -89,6 +89,10 @@ const constants = {
     // Maximum HTTP headers size allowed
     maxHttpHeadersSize: 14122,
 
+    // AWS sets the maximum size for bucket policies to 20 KB
+    // https://docs.aws.amazon.com/AmazonS3/latest/userguide/add-bucket-policy.html
+    bucketPolicyMaxBytesSize: 20 * 1024,
+
     // hex digest of sha256 hash of empty string:
     emptyStringHash: crypto.createHash('sha256')
         .update('', 'binary').digest('hex'),

lib/Config.js

@@ -1698,6 +1698,13 @@ class Config extends EventEmitter {
         }
 
         this.supportedLifecycleRules = parseSupportedLifecycleRules(config.supportedLifecycleRules);
+
+        this.bucketPolicyMaxBytesSize = config.bucketPolicyMaxBytesSize ||
+            constants.bucketPolicyMaxBytesSize;
+        assert(Number.isInteger(this.bucketPolicyMaxBytesSize) &&
+            this.bucketPolicyMaxBytesSize > 0,
+            'bad config: bucketPolicyMaxBytesSize must be a positive integer');
+
         return config;
     }
 

lib/api/bucketPutPolicy.js

@@ -5,6 +5,8 @@ const metadata = require('../metadata/wrapper');
 const { standardMetadataValidateBucket } = require('../metadata/metadataUtils');
 const { validatePolicyResource, validatePolicyConditions } =
     require('./apiUtils/authorization/permissionChecks');
+const constants = require('../../constants');
+const { config } = require('../Config.js');
 const { BucketPolicy } = models;
 
 /**
@@ -31,6 +33,10 @@ function _checkNotImplementedPolicy(policyString) {
 function bucketPutPolicy(authInfo, request, log, callback) {
     log.debug('processing request', { method: 'bucketPutPolicy' });
 
+    if (request.post && Buffer.byteLength(request.post, 'utf8') > constants.bucketPolicyMaxBytesSize) {
+        return callback(errorInstances.MalformedPolicy);
+    }
+
     const { bucketName } = request;
     const metadataValParams = {
         authInfo,