diff options
| author | Julius Härtl <jus@bitgrid.net> | 2020-07-22 10:05:51 +0200 |
|---|---|---|
| committer | Julius Härtl <jus@bitgrid.net> | 2020-08-14 07:58:40 +0200 |
| commit | 36cfdd320bd766798930dc09acea74b27f58d95c (patch) | |
| tree | 21afcb71b33a109cc1d2d2bfb739f3f64ef1a8bd /apps/encryption/lib/Users/Setup.php | |
| parent | ed461155930219c2de3a648e7dfdf75778af2f7a (diff) | |
| download | nextcloud-server-36cfdd320bd766798930dc09acea74b27f58d95c.tar.gz nextcloud-server-36cfdd320bd766798930dc09acea74b27f58d95c.zip | |
Harden key generation
There might be cases where multiple requests trigger the key generation
at the same time and the instance ends up with a non-fitting
public/private key pair. Therefore the whole key generation should be
locked. Other than that this makes sure that user key generation return
values are properly validated.
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Diffstat (limited to 'apps/encryption/lib/Users/Setup.php')
| -rw-r--r-- | apps/encryption/lib/Users/Setup.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/encryption/lib/Users/Setup.php b/apps/encryption/lib/Users/Setup.php index 5406c4e51cc..e80435ac698 100644 --- a/apps/encryption/lib/Users/Setup.php +++ b/apps/encryption/lib/Users/Setup.php @@ -73,8 +73,8 @@ class Setup { */ public function setupUser($uid, $password) { if (!$this->keyManager->userHasKeys($uid)) { - return $this->keyManager->storeKeyPair($uid, $password, - $this->crypt->createKeyPair()); + $keyPair = $this->crypt->createKeyPair(); + return is_array($keyPair) ? $this->keyManager->storeKeyPair($uid, $password, $keyPair) : false; } return true; } |