Fix bug that prevented resuming of uploads to encrypted special remotes that used chunking. This bug could also expose the names of keys to such remotes.
This is a low-severity security hole.
This commit is contained in:
Joey Hess
parent
363b984176
commit
b890f3a53d
5 changed files with 30 additions and 6 deletions
|
|
@ -99,13 +99,14 @@ numChunks = pred . fromJust . keyChunkNum . fst . nextChunkKeyStream
|
|||
storeChunks
|
||||
:: UUID
|
||||
-> ChunkConfig
|
||||
-> EncKey
|
||||
-> Key
|
||||
-> FilePath
|
||||
-> MeterUpdate
|
||||
-> Storer
|
||||
-> CheckPresent
|
||||
-> Annex Bool
|
||||
storeChunks u chunkconfig k f p storer checker =
|
||||
storeChunks u chunkconfig encryptor k f p storer checker =
|
||||
case chunkconfig of
|
||||
(UnpaddedChunks chunksize) | isStableKey k ->
|
||||
bracketIO open close (go chunksize)
|
||||
|
|
@ -121,7 +122,7 @@ storeChunks u chunkconfig k f p storer checker =
|
|||
return False
|
||||
go chunksize (Right h) = do
|
||||
let chunkkeys = chunkKeyStream k chunksize
|
||||
(chunkkeys', startpos) <- seekResume h chunkkeys checker
|
||||
(chunkkeys', startpos) <- seekResume h encryptor chunkkeys checker
|
||||
b <- liftIO $ L.hGetContents h
|
||||
gochunks p startpos chunksize b chunkkeys'
|
||||
|
||||
|
|
@ -165,10 +166,11 @@ storeChunks u chunkconfig k f p storer checker =
|
|||
-}
|
||||
seekResume
|
||||
:: Handle
|
||||
-> EncKey
|
||||
-> ChunkKeyStream
|
||||
-> CheckPresent
|
||||
-> Annex (ChunkKeyStream, BytesProcessed)
|
||||
seekResume h chunkkeys checker = do
|
||||
seekResume h encryptor chunkkeys checker = do
|
||||
sz <- liftIO (hFileSize h)
|
||||
if sz <= fromMaybe 0 (keyChunkSize $ fst $ nextChunkKeyStream chunkkeys)
|
||||
then return (chunkkeys, zeroBytesProcessed)
|
||||
|
|
@ -180,7 +182,7 @@ seekResume h chunkkeys checker = do
|
|||
liftIO $ hSeek h AbsoluteSeek sz
|
||||
return (cks, toBytesProcessed sz)
|
||||
| otherwise = do
|
||||
v <- tryNonAsync (checker k)
|
||||
v <- tryNonAsync (checker (encryptor k))
|
||||
case v of
|
||||
Right True ->
|
||||
check pos' cks' sz
|
||||
|
|
|
|||
|
|
@ -189,11 +189,12 @@ specialRemote' cfg c preparestorer prepareretriever prepareremover preparecheckp
|
|||
go Nothing = return False
|
||||
go' storer (Just checker) = sendAnnex k rollback $ \src ->
|
||||
displayprogress p k $ \p' ->
|
||||
storeChunks (uuid baser) chunkconfig k src p'
|
||||
storeChunks (uuid baser) chunkconfig enck k src p'
|
||||
(storechunk enc storer)
|
||||
checker
|
||||
go' _ Nothing = return False
|
||||
rollback = void $ removeKey encr k
|
||||
enck = maybe id snd enc
|
||||
|
||||
storechunk Nothing storer k content p = storer k content p
|
||||
storechunk (Just (cipher, enck)) storer k content p = do
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue