diff options
| author | Robin Appelman <robin@icewind.nl> | 2024-03-22 15:43:53 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-22 15:43:53 +0100 |
| commit | 812872ca4e17fb5b8f87c2d9fe95fb6fa52bfdf4 (patch) | |
| tree | ce8d3a3316bcdfd95108b0ce4c6507cd6a345db0 /apps | |
| parent | 433e3cdd7dfe984a1b582e3f0a7855f47c14091d (diff) | |
| parent | 406a59ccae137fc640832835bcbcfc7cb80227f5 (diff) | |
| download | nextcloud-server-812872ca4e17fb5b8f87c2d9fe95fb6fa52bfdf4.tar.gz nextcloud-server-812872ca4e17fb5b8f87c2d9fe95fb6fa52bfdf4.zip | |
Merge pull request #44321 from nextcloud/backport/39990/stable27
[stable27] add some recrusive detection/prevention
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/files_sharing/lib/SharedStorage.php | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/apps/files_sharing/lib/SharedStorage.php b/apps/files_sharing/lib/SharedStorage.php index c9d8fbffc64..ad43e847d37 100644 --- a/apps/files_sharing/lib/SharedStorage.php +++ b/apps/files_sharing/lib/SharedStorage.php @@ -44,6 +44,7 @@ use OCP\Files\IHomeStorage; use OCP\Files\Node; use OC\Files\Storage\FailedStorage; use OC\Files\Storage\Wrapper\PermissionsMask; +use OC\Files\Storage\Wrapper\Wrapper; use OC\User\NoUserException; use OCA\Files_External\Config\ExternalMountPoint; use OCP\Constants; @@ -98,6 +99,8 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto private string $sourcePath = ''; + private static int $initDepth = 0; + public function __construct($arguments) { $this->ownerView = $arguments['ownerView']; $this->logger = \OC::$server->getLogger(); @@ -137,8 +140,15 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto if ($this->initialized) { return; } + $this->initialized = true; + self::$initDepth++; + try { + if (self::$initDepth > 10) { + throw new \Exception("Maximum share depth reached"); + } + /** @var IRootFolder $rootFolder */ $rootFolder = \OC::$server->get(IRootFolder::class); $this->ownerUserFolder = $rootFolder->getUserFolder($this->superShare->getShareOwner()); @@ -151,6 +161,9 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto $this->cache = new FailedCache(); $this->rootPath = ''; } else { + if ($this->nonMaskedStorage instanceof Wrapper && $this->nonMaskedStorage->isWrapperOf($this)) { + throw new \Exception('recursive share detected'); + } $this->nonMaskedStorage = $ownerNode->getStorage(); $this->sourcePath = $ownerNode->getPath(); $this->rootPath = $ownerNode->getInternalPath(); @@ -179,6 +192,7 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto if (!$this->nonMaskedStorage) { $this->nonMaskedStorage = $this->storage; } + self::$initDepth--; } /** |