diff options
author | Roeland Jago Douma <roeland@famdouma.nl> | 2017-05-09 13:00:07 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2017-05-09 13:00:07 +0200 |
commit | 5a61a794d4aefaab05a273a12b509a1585a679d0 (patch) | |
tree | f1f5ff484beaeefba4d05eef651c876ba5c25422 | |
parent | 46f7e8202fa5f5c2af6ac6e5dcb82be8a5db8f22 (diff) | |
download | nextcloud-server-5a61a794d4aefaab05a273a12b509a1585a679d0.tar.gz nextcloud-server-5a61a794d4aefaab05a273a12b509a1585a679d0.zip |
Do not write and read rootcerts.crt at the same time
(Possibly) fixes #3470
When updating the main file /files_external/rootcerts.crt we should not
read from /files_external/rootcerts.crt at the same time.
For 2 reasons: writing to a file and reading from it at the same time
can have non deterministic results
And we don't want all the certificates to appear 2 times in there.
This isn't caught by our standard file locking (that does not allow this
actually) because it is in a non locked path....
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r-- | lib/private/Security/CertificateManager.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php index 461ef9457a7..4419b56012f 100644 --- a/lib/private/Security/CertificateManager.php +++ b/lib/private/Security/CertificateManager.php @@ -119,7 +119,8 @@ class CertificateManager implements ICertificateManager { return; } - $fhCerts = $this->view->fopen($path . '/rootcerts.crt', 'w'); + $certPath = $path . 'rootcerts.crt'; + $fhCerts = $this->view->fopen($certPath, 'w'); // Write user certificates foreach ($certs as $cert) { @@ -136,7 +137,7 @@ class CertificateManager implements ICertificateManager { // Append the system certificate bundle $systemBundle = $this->getCertificateBundle(null); - if ($this->view->file_exists($systemBundle)) { + if ($systemBundle !== $certPath && $this->view->file_exists($systemBundle)) { $systemCertificates = $this->view->file_get_contents($systemBundle); fwrite($fhCerts, $systemCertificates); } |