archive
/
nextcloud
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: add some recrusive detection/prevention

Browse Source 
Signed-off-by: Robin Appelman <robin@icewind.nl>
pull/44321/head
Robin Appelman 9 months ago
parent d2754fe993
commit 406a59ccae
No known key found for this signature in database
GPG Key ID: 42B69D8A64526EFB
2 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File

14
apps/files_sharing/lib/SharedStorage.php
Unescape Escape View File

@ -44,6 +44,7 @@ use OCP\Files\IHomeStorage;
use OCP\Files\Node;
use OC\Files\Storage\FailedStorage;
use OC\Files\Storage\Wrapper\PermissionsMask;
use OC\Files\Storage\Wrapper\Wrapper;
use OC\User\NoUserException;
use OCA\Files_External\Config\ExternalMountPoint;
use OCP\Constants;
@ -98,6 +99,8 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto
private string $sourcePath = '';
private static int $initDepth = 0;
public function __construct($arguments) {
$this->ownerView = $arguments['ownerView'];
$this->logger = \OC::$server->getLogger();
@ -137,8 +140,15 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto
if ($this->initialized) {
return;
}
$this->initialized = true;
self::$initDepth++;
try {
if (self::$initDepth > 10) {
throw new \Exception("Maximum share depth reached");
}
/** @var IRootFolder $rootFolder */
$rootFolder = \OC::$server->get(IRootFolder::class);
$this->ownerUserFolder = $rootFolder->getUserFolder($this->superShare->getShareOwner());
@ -151,6 +161,9 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto
$this->cache = new FailedCache();
$this->rootPath = '';
} else {
if ($this->nonMaskedStorage instanceof Wrapper && $this->nonMaskedStorage->isWrapperOf($this)) {
throw new \Exception('recursive share detected');
}
$this->nonMaskedStorage = $ownerNode->getStorage();
$this->sourcePath = $ownerNode->getPath();
$this->rootPath = $ownerNode->getInternalPath();
@ -179,6 +192,7 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto
if (!$this->nonMaskedStorage) {
$this->nonMaskedStorage = $this->storage;
}
self::$initDepth--;
}
/**

11
lib/private/Files/Storage/Wrapper/Wrapper.php
Unescape Escape View File

@ -654,4 +654,15 @@ class Wrapper implements \OC\Files\Storage\Storage, ILockingStorage, IWriteStrea
public function getDirectoryContent($directory): \Traversable {
return $this->getWrapperStorage()->getDirectoryContent($directory);
}
public function isWrapperOf(IStorage $storage) {
$wrapped = $this->getWrapperStorage();
if ($wrapped === $storage) {
return true;
}
if ($wrapped instanceof Wrapper) {
return $wrapped->isWrapperOf($storage);
}
return false;
}
}

Write Preview
Loading…
Cancel
Save