From ba9a797eaad9aaeeed7960f03f40593a84096512 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= Date: Thu, 2 Apr 2015 17:16:27 +0200 Subject: [PATCH] Encryption storage wrapper is enabled by default - necessary to detect encrypted files even if encryption was disabled after files have been encrypted - prevents data corruption --- lib/base.php | 5 +---- lib/private/files/storage/wrapper/encryption.php | 14 +++++++++++++- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/lib/base.php b/lib/base.php index 1d53646415..be397e5244 100644 --- a/lib/base.php +++ b/lib/base.php @@ -701,10 +701,7 @@ class OC { } private static function registerEncryptionWrapper() { - $enabled = self::$server->getEncryptionManager()->isEnabled(); - if ($enabled) { - \OCP\Util::connectHook('OC_Filesystem', 'setup', 'OC\Encryption\Manager', 'setupStorage'); - } + \OCP\Util::connectHook('OC_Filesystem', 'setup', 'OC\Encryption\Manager', 'setupStorage'); } private static function registerEncryptionHooks() { diff --git a/lib/private/files/storage/wrapper/encryption.php b/lib/private/files/storage/wrapper/encryption.php index 2e5bbfd97b..946e7bfbe4 100644 --- a/lib/private/files/storage/wrapper/encryption.php +++ b/lib/private/files/storage/wrapper/encryption.php @@ -229,13 +229,17 @@ class Encryption extends Wrapper { $encryptionModuleId = $this->util->getEncryptionModuleId($header); $size = $unencryptedSize = 0; - if ($this->file_exists($path)) { + $targetExists = $this->file_exists($path); + $targetIsEncrypted = false; + if ($targetExists) { // in case the file exists we require the explicit module as // specified in the file header - otherwise we need to fail hard to // prevent data loss on client side if (!empty($encryptionModuleId)) { + $targetIsEncrypted = true; $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId); } + $size = $this->storage->filesize($path); $unencryptedSize = $this->filesize($path); } 
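Review bot: registerEncryptionWrapper() in lib/base.php now connects the `setupStorage` hook unconditionally, but nothing at the call site records why, so a later cleanup could reintroduce the `isEnabled()` guard and with it the corruption this commit fixes. A comment above the call would preserve the reason, for example `// always wrap: files encrypted earlier must still be recognised after encryption is switched off`. Because the wrapper now sits on every storage setup, it is also worth confirming, outside this hunk, that its per-file header handling stays cheap on installations that never enabled encryption.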
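Review bot: In the encryption.php hunk at -229, `$targetIsEncrypted` is derived only from `!empty($encryptionModuleId)`, and that id is parsed from `$header`, which is read from the stored file itself. With the wrapper now active on every installation, a file is classified as encrypted by its own content; if the header parser (not visible here) accepts header-like bytes in an ordinary plaintext upload, that file would be handed to an encryption module even though encryption is off. Consider stating the assumption next to the assignment, e.g. `// trust boundary: module id comes from the file's own header`, or confirming the classification against server-side metadata rather than file content alone. The enclosing function starts and ends outside the hunk.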
@@ -266,6 +270,14 @@ class Encryption extends Wrapper {
 '" not found, file will be stored unencrypted');
 }
 
+ // encryption disabled on write of new file and write to existing unencrypted file -> don't encrypt
+ $encEnabled = $this->encryptionManager->isEnabled();
+ if (!$encEnabled ) {
+ if (!$targetExists || !$targetIsEncrypted) {
+ $shouldEncrypt = false;
+ }
+ }
+
 if($shouldEncrypt === true && !$this->util->isExcluded($fullPath) && $encryptionModule !== null) {
 $source = $this->storage->fopen($path, $mode);
 $handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header,
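Review bot: The inner condition `!$targetExists || !$targetIsEncrypted` is redundant, because the earlier hunk sets `$targetIsEncrypted` to true only inside `if ($targetExists)`, so a missing target can never count as encrypted. The two nested ifs collapse to `if (!$this->encryptionManager->isEnabled() && !$targetIsEncrypted) { $shouldEncrypt = false; }`, which also drops the stray space in `if (!$encEnabled )`. The diffstat lists no test file, so the new paths (encryption disabled with an existing encrypted target, and disabled with a new or plaintext target) appear to be unverified; a unit test for each would guard the data-corruption fix against regressions. The enclosing function begins before the hunk and continues after it.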