author | ernolf <raphael.gradenwitz@googlemail.com> | 2024-08-20 12:33:28 +0200 |
---|---|---|
committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2024-09-26 10:38:40 +0000 |
commit | 0a9cad04554d841fbe7ae3bd6dabf5039f951fa1 (patch) | |
tree | 0fcdc7636b226d01fb4079e09b53f925f97fc172 /lib | |
parent | 8446a1eb4c5c657daa4c8d104efd262ac9c5e6cb (diff) | |
fix(share): Ensure unique share tokensbackport/48142/stable29
- check for token collisions and retry up to three times.
- throw after 3 attempts without finding a unique token.
Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Share20/Manager.php | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
index 16ada8c6c7a..bd35729cb3c 100644
--- a/lib/private/Share20/Manager.php
+++ b/lib/private/Share20/Manager.php
@@ -697,13 +697,25 @@ class Manager implements IManager {
 $this->linkCreateChecks($share);
 $this->setLinkParent($share);
- // For now ignore a set token.
- $share->setToken(
- $this->secureRandom->generate(
+ for ($i = 0; $i <= 3; $i++) {
+ $token = $this->secureRandom->generate(
 \OC\Share\Constants::TOKEN_LENGTH,
 \OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
- )
- );
+ );
+
+ try {
+ $this->getShareByToken($token);
+ } catch (\OCP\Share\Exceptions\ShareNotFound $e) {
+ // Set the unique token
+ $share->setToken($token);
+ break;
+ }
+
+ // Abort after 3 failed attempts
+ if ($i >= 3) {
+ throw new \Exception('Unable to generate a unique share token after 3 attempts.');
+ }
+ }
 // Verify the expiration date
 $share = $this->validateExpirationDateLink($share); |
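Review bot: The loop `for ($i = 0; $i <= 3; $i++)` generates up to four tokens before the `$i >= 3` check throws, while the comment and the exception message both say three attempts; either use `for ($i = 0; $i < 3; $i++)` with `if ($i >= 2)` or change the wording to match. The uniqueness check is also a lookup followed by a later write, so two concurrent link-share creations could still end up with the same token unless the storage layer enforces uniqueness, which this hunk does not show. `getShareByToken()` is defined outside the hunk; if it can raise `ShareNotFound` for a share that exists but is unusable (an expired one, for example), such a token would be accepted as free, so a dedicated existence check may be safer. The enclosing method starts and ends outside the hunk.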