mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Encryption storage wrapper is enabled by default - necessary to detect encrypted files even if encryption was disabled after files have been encrypted - prevents data corruption

This commit is contained in:
Thomas Müller 2015-04-02 17:16:27 +02:00
parent 9a7fbbbc5a
commit ba9a797eaa
2 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/base.php
View File

@ -701,11 +701,8 @@ class OC {
} }
private static function registerEncryptionWrapper() { private static function registerEncryptionWrapper() {
$enabled = self::$server->getEncryptionManager()->isEnabled();
if ($enabled) {
\OCP\Util::connectHook('OC_Filesystem', 'setup', 'OC\Encryption\Manager', 'setupStorage'); \OCP\Util::connectHook('OC_Filesystem', 'setup', 'OC\Encryption\Manager', 'setupStorage');
} }
}
private static function registerEncryptionHooks() { private static function registerEncryptionHooks() {
$enabled = self::$server->getEncryptionManager()->isEnabled(); $enabled = self::$server->getEncryptionManager()->isEnabled();

14
lib/private/files/storage/wrapper/encryption.php
View File

@ -229,13 +229,17 @@ class Encryption extends Wrapper {
$encryptionModuleId = $this->util->getEncryptionModuleId($header); $encryptionModuleId = $this->util->getEncryptionModuleId($header);
$size = $unencryptedSize = 0; $size = $unencryptedSize = 0;
if ($this->file_exists($path)) { $targetExists = $this->file_exists($path);
$targetIsEncrypted = false;
if ($targetExists) {
// in case the file exists we require the explicit module as // in case the file exists we require the explicit module as
// specified in the file header - otherwise we need to fail hard to // specified in the file header - otherwise we need to fail hard to
// prevent data loss on client side // prevent data loss on client side
if (!empty($encryptionModuleId)) { if (!empty($encryptionModuleId)) {
$targetIsEncrypted = true;
$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId); $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
} }
$size = $this->storage->filesize($path); $size = $this->storage->filesize($path);
$unencryptedSize = $this->filesize($path); $unencryptedSize = $this->filesize($path);
} }
@ -266,6 +270,14 @@ class Encryption extends Wrapper {
'" not found, file will be stored unencrypted'); '" not found, file will be stored unencrypted');
} }
// encryption disabled on write of new file and write to existing unencrypted file -> don't encrypt
$encEnabled = $this->encryptionManager->isEnabled();
if (!$encEnabled ) {
if (!$targetExists || !$targetIsEncrypted) {
$shouldEncrypt = false;
}
}
if($shouldEncrypt === true && !$this->util->isExcluded($fullPath) && $encryptionModule !== null) { if($shouldEncrypt === true && !$this->util->isExcluded($fullPath) && $encryptionModule !== null) {
$source = $this->storage->fopen($path, $mode); $source = $this->storage->fopen($path, $mode);
$handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header, $handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header,