From 01e520eb2361ac3520f30485cc0df83a3b980772 Mon Sep 17 00:00:00 2001
From: Mark Theunissen
Date: Tue, 17 Dec 2024 17:01:07 +0200
Subject: [PATCH] s3: Sanitize the source object name in CopyObject handler (#20774)
---
 cmd/object-handlers.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/cmd/object-handlers.go b/cmd/object-handlers.go
index e017e6777..b918f2485 100644
--- a/cmd/object-handlers.go
+++ b/cmd/object-handlers.go
@@ -1191,6 +1191,9 @@ func (api objectAPIHandlers) CopyObjectHandler(w http.ResponseWriter, r *http.Re
 return
 }
 
+ // Sanitize the source object name similar to NewMultipart and PutObject API
+ srcObject = trimLeadingSlash(srcObject)
+
 if vid != "" && vid != nullVersionID {
 _, err := uuid.Parse(vid)
 if err != nil {
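Review bot: The added `srcObject = trimLeadingSlash(srcObject)` runs after an early-return guard whose condition is outside the hunk; if that guard validates the copy source (for example, rejects an empty name), it sees the raw name while everything below uses the normalized one, so a name that only becomes empty or changes once trimmed would slip past it. Normalizing before validating avoids that: move the trim above the guard, or re-check that `srcObject` is non-empty immediately after the trim. It is also worth confirming that no authorization or policy evaluation earlier in CopyObjectHandler reads the untrimmed name, and saying so in the comment, e.g. `// Normalize before any policy or existence check so the name that is authorized is the name that is read.` The diffstat shows only this file changed, so a regression test that sends a slash-prefixed copy source and asserts the same result as the clean name is still missing. The handler's body starts and ends outside this hunk, so the ordering relative to other uses of `srcObject` cannot be verified from here.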