diff options
| author | Robin Appelman <robin@icewind.nl> | 2023-08-21 19:45:03 +0200 |
|---|---|---|
| committer | Robin Appelman <robin@icewind.nl> | 2024-03-08 14:20:14 +0100 |
| commit | ea8a774a0a2079a2ebe44e8d4a62162d80754e23 (patch) | |
| tree | e33759b8e9b2bcedaa19f1e5bbc0ec7a103629e1 | |
| parent | 47ebc1119af919ad2248636f82990ccc2bfc36fa (diff) | |
| download | nextcloud-server-ea8a774a0a2079a2ebe44e8d4a62162d80754e23.tar.gz nextcloud-server-ea8a774a0a2079a2ebe44e8d4a62162d80754e23.zip | |
fix: add some recrusive detection/prevention
Signed-off-by: Robin Appelman <robin@icewind.nl>
| -rw-r--r-- | apps/files_sharing/lib/SharedStorage.php | 16 | ||||
| -rw-r--r-- | lib/private/Files/Storage/Wrapper/Wrapper.php | 11 |
2 files changed, 26 insertions, 1 deletions
diff --git a/apps/files_sharing/lib/SharedStorage.php b/apps/files_sharing/lib/SharedStorage.php index 35e2c0a7e36..80041afb96c 100644 --- a/apps/files_sharing/lib/SharedStorage.php +++ b/apps/files_sharing/lib/SharedStorage.php @@ -41,6 +41,7 @@ use OC\Files\Storage\Common; use OC\Files\Storage\FailedStorage; use OC\Files\Storage\Home; use OC\Files\Storage\Wrapper\PermissionsMask; +use OC\Files\Storage\Wrapper\Wrapper; use OC\User\NoUserException; use OCA\Files_External\Config\ConfigAdapter; use OCP\Constants; @@ -97,6 +98,8 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto private string $sourcePath = ''; + private static int $initDepth = 0; + public function __construct($arguments) { $this->ownerView = $arguments['ownerView']; $this->logger = \OC::$server->get(LoggerInterface::class); @@ -136,8 +139,15 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto if ($this->initialized) { return; } + $this->initialized = true; + self::$initDepth++; + try { + if (self::$initDepth > 10) { + throw new \Exception("Maximum share depth reached"); + } + /** @var IRootFolder $rootFolder */ $rootFolder = \OC::$server->get(IRootFolder::class); $this->ownerUserFolder = $rootFolder->getUserFolder($this->superShare->getShareOwner()); @@ -148,6 +158,9 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto $this->cache = new FailedCache(); $this->rootPath = ''; } else { + if ($this->nonMaskedStorage instanceof Wrapper && $this->nonMaskedStorage->isWrapperOf($this)) { + throw new \Exception('recursive share detected'); + } $this->nonMaskedStorage = $ownerNode->getStorage(); $this->sourcePath = $ownerNode->getPath(); $this->rootPath = $ownerNode->getInternalPath(); @@ -176,6 +189,7 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto if (!$this->nonMaskedStorage) { $this->nonMaskedStorage = $this->storage; } + self::$initDepth--; } /** @@ -409,7 +423,7 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto return new FailedCache(); } - $this->cache = new Cache( + $this->cache = new \OCA\Files_Sharing\Cache( $storage, $sourceRoot, \OC::$server->get(CacheDependencies::class), diff --git a/lib/private/Files/Storage/Wrapper/Wrapper.php b/lib/private/Files/Storage/Wrapper/Wrapper.php index 9f5564b4490..665914df2a7 100644 --- a/lib/private/Files/Storage/Wrapper/Wrapper.php +++ b/lib/private/Files/Storage/Wrapper/Wrapper.php @@ -654,4 +654,15 @@ class Wrapper implements \OC\Files\Storage\Storage, ILockingStorage, IWriteStrea public function getDirectoryContent($directory): \Traversable { return $this->getWrapperStorage()->getDirectoryContent($directory); } + + public function isWrapperOf(IStorage $storage) { + $wrapped = $this->getWrapperStorage(); + if ($wrapped === $storage) { + return true; + } + if ($wrapped instanceof Wrapper) { + return $wrapped->isWrapperOf($storage); + } + return false; + } } |