Skip to content

Commit d06e311

Browse files
icewind1991icewind1991
committed
fix: add some recrusive detection/prevention
Signed-off-by: Robin Appelman <robin@icewind.nl>
1 parent 799c6de commit d06e311

File tree

2 files changed

+26
-1
lines changed

2 files changed

+26
-1
lines changed

apps/files_sharing/lib/SharedStorage.php

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,7 @@
4141
use OC\Files\Storage\FailedStorage;
4242
use OC\Files\Storage\Home;
4343
use OC\Files\Storage\Wrapper\PermissionsMask;
44+
use OC\Files\Storage\Wrapper\Wrapper;
4445
use OC\User\NoUserException;
4546
use OCA\Files_External\Config\ConfigAdapter;
4647
use OCP\Constants;
@@ -97,6 +98,8 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements ISharedSto
9798

9899
private string $sourcePath = '';
99100

101+
static private int $initDepth = 0;
102+
100103
public function __construct($arguments) {
101104
$this->ownerView = $arguments['ownerView'];
102105
$this->logger = \OC::$server->get(LoggerInterface::class);
@@ -136,8 +139,15 @@ private function init() {
136139
if ($this->initialized) {
137140
return;
138141
}
142+
139143
$this->initialized = true;
144+
self::$initDepth++;
145+
140146
try {
147+
if (self::$initDepth > 10) {
148+
throw new \Exception("Maximum share depth reached");
149+
}
150+
141151
/** @var IRootFolder $rootFolder */
142152
$rootFolder = \OC::$server->get(IRootFolder::class);
143153
$this->ownerUserFolder = $rootFolder->getUserFolder($this->superShare->getShareOwner());
@@ -150,6 +160,9 @@ private function init() {
150160
$this->cache = new FailedCache();
151161
$this->rootPath = '';
152162
} else {
163+
if ($this->nonMaskedStorage instanceof Wrapper && $this->nonMaskedStorage->isWrapperOf($this)) {
164+
throw new \Exception('recursive share detected');
165+
}
153166
$this->nonMaskedStorage = $ownerNode->getStorage();
154167
$this->sourcePath = $ownerNode->getPath();
155168
$this->rootPath = $ownerNode->getInternalPath();
@@ -178,6 +191,7 @@ private function init() {
178191
if (!$this->nonMaskedStorage) {
179192
$this->nonMaskedStorage = $this->storage;
180193
}
194+
self::$initDepth--;
181195
}
182196

183197
/**
@@ -411,7 +425,7 @@ public function getCache($path = '', $storage = null) {
411425
return new FailedCache();
412426
}
413427

414-
$this->cache = new Cache(
428+
$this->cache = new \OCA\Files_Sharing\Cache(
415429
$storage,
416430
$sourceRoot,
417431
\OC::$server->get(CacheDependencies::class),

lib/private/Files/Storage/Wrapper/Wrapper.php

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -654,4 +654,15 @@ public function writeStream(string $path, $stream, int $size = null): int {
654654
public function getDirectoryContent($directory): \Traversable {
655655
return $this->getWrapperStorage()->getDirectoryContent($directory);
656656
}
657+
658+
public function isWrapperOf(IStorage $storage) {
659+
$wrapped = $this->getWrapperStorage();
660+
if ($wrapped === $storage) {
661+
return true;
662+
}
663+
if ($wrapped instanceof Wrapper) {
664+
return $wrapped->isWrapperOf($storage);
665+
}
666+
return false;
667+
}
657668
}

0 commit comments

Comments
 (0)