diff options
| author |  Joey Hess <joeyh@joeyh.name> | 2016-04-27 12:54:43 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-04-27 12:54:43 -0400 |
| commit | d34a125d5a20bec416ff28d32648b9119677f3c7 (patch) | |
| tree | 2dffa4196fc4e179ad1d0d86d4976eedafd70fb9 /Remote | |
| parent | 0328c7d3c46344be3570f5813aa8a2c5e57f89c3 (diff) | |
Fix bug that prevented resuming of uploads to encrypted special remotes that used chunking. This bug could also expose the names of keys to such remotes.
This is a low-severity security hole.
Diffstat (limited to 'Remote')
| -rw-r--r-- | Remote/Helper/Chunked.hs | 10 | ||||
| -rw-r--r-- | Remote/Helper/Special.hs | 3 |
2 files changed, 8 insertions, 5 deletions
diff --git a/Remote/Helper/Chunked.hs b/Remote/Helper/Chunked.hs index 8098abc4f..e3cf0d27b 100644 --- a/Remote/Helper/Chunked.hs +++ b/Remote/Helper/Chunked.hs @@ -99,13 +99,14 @@ numChunks = pred . fromJust . keyChunkNum . fst . nextChunkKeyStream storeChunks :: UUID -> ChunkConfig + -> EncKey -> Key -> FilePath -> MeterUpdate -> Storer -> CheckPresent -> Annex Bool -storeChunks u chunkconfig k f p storer checker = +storeChunks u chunkconfig encryptor k f p storer checker = case chunkconfig of (UnpaddedChunks chunksize) | isStableKey k -> bracketIO open close (go chunksize) @@ -121,7 +122,7 @@ storeChunks u chunkconfig k f p storer checker = return False go chunksize (Right h) = do let chunkkeys = chunkKeyStream k chunksize - (chunkkeys', startpos) <- seekResume h chunkkeys checker + (chunkkeys', startpos) <- seekResume h encryptor chunkkeys checker b <- liftIO $ L.hGetContents h gochunks p startpos chunksize b chunkkeys' @@ -165,10 +166,11 @@ storeChunks u chunkconfig k f p storer checker = -} seekResume :: Handle + -> EncKey -> ChunkKeyStream -> CheckPresent -> Annex (ChunkKeyStream, BytesProcessed) -seekResume h chunkkeys checker = do +seekResume h encryptor chunkkeys checker = do sz <- liftIO (hFileSize h) if sz <= fromMaybe 0 (keyChunkSize $ fst $ nextChunkKeyStream chunkkeys) then return (chunkkeys, zeroBytesProcessed) @@ -180,7 +182,7 @@ seekResume h chunkkeys checker = do liftIO $ hSeek h AbsoluteSeek sz return (cks, toBytesProcessed sz) | otherwise = do - v <- tryNonAsync (checker k) + v <- tryNonAsync (checker (encryptor k)) case v of Right True -> check pos' cks' sz diff --git a/Remote/Helper/Special.hs b/Remote/Helper/Special.hs index fdadc97b9..f9b5deae4 100644 --- a/Remote/Helper/Special.hs +++ b/Remote/Helper/Special.hs @@ -189,11 +189,12 @@ specialRemote' cfg c preparestorer prepareretriever prepareremover preparecheckp go Nothing = return False go' storer (Just checker) = sendAnnex k rollback $ \src -> displayprogress p k $ \p' -> - storeChunks (uuid baser) chunkconfig k src p' + storeChunks (uuid baser) chunkconfig enck k src p' (storechunk enc storer) checker go' _ Nothing = return False rollback = void $ removeKey encr k + enck = maybe id snd enc storechunk Nothing storer k content p = storer k content p storechunk (Just (cipher, enck)) storer k content p = do |