path: root/doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment
author: Joey Hess <joeyh@joeyh.name> 2016-04-27 12:54:43 -0400
committer: Joey Hess <joeyh@joeyh.name> 2016-04-27 12:54:43 -0400
commit: d34a125d5a20bec416ff28d32648b9119677f3c7
tree: 2dffa4196fc4e179ad1d0d86d4976eedafd70fb9 /doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment
parent: 0328c7d3c46344be3570f5813aa8a2c5e57f89c3
Fix bug that prevented resuming of uploads to encrypted special remotes that used chunking. This bug could also expose the names of keys to such remotes.
This is a low-severity security hole.
Diffstat (limited to 'doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment')
-rw-r--r-- doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment | 18
1 files changed, 18 insertions, 0 deletions
diff --git a/doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment b/doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment
new file mode 100644
index 000000000..e50f00afb
--- /dev/null
+++ b/doc/bugs/External_special_remote_broken__63__/comment_1_904a186a6400506303cad772ac1a6751._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-04-27T16:23:43Z"
+ content="""
+Reproduced this using a directory special remote.
+
+The first checkpresent is because a file can be present on a remote in
+non-chunked form, since a remote can be reconfigured to add chunking.
+So it's nothing to worry about.
+
+The lack of encryption of the key when checking to resume is definitely a
+bug. A bit of a security bug too, although it only happens when resuming
+uploads. (I double checked the other operations and they all encrypt keys)
+I suppose that if the server was hostile, it could randomly make
+uploads fail, in order to get git-annex to expose content keys via
+this bug when resuming.
+"""]]
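Review bot: The paragraph beginning "The lack of encryption of the key when checking to resume" confirms the bug and explains how a hostile server could provoke it, but the comment never says that it has been fixed, even though this commit's message describes a fix. Within this file, consider ending the comment with a sentence stating that the resume check now encrypts the key, and naming the affected setup (encrypted special remotes that use chunking, per the commit message), so that someone reading the bug page can tell whether they are exposed and need to upgrade. Minor style point: the parenthetical "(I double checked the other operations and they all encrypt keys)" has no terminating period.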