From d34a125d5a20bec416ff28d32648b9119677f3c7 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Wed, 27 Apr 2016 12:54:43 -0400
Subject: Fix bug that prevented resuming of uploads to encrypted special
 remotes that used chunking. This bug could also expose the names of keys to
 such remotes.

This is a low-severity security hole.
---
 Remote/Helper/Chunked.hs | 10 ++++++----
 Remote/Helper/Special.hs |  3 ++-
 2 files changed, 8 insertions(+), 5 deletions(-)

(limited to 'Remote')

diff --git a/Remote/Helper/Chunked.hs b/Remote/Helper/Chunked.hs
index 8098abc4f..e3cf0d27b 100644
--- a/Remote/Helper/Chunked.hs
+++ b/Remote/Helper/Chunked.hs
@@ -99,13 +99,14 @@ numChunks = pred . fromJust . keyChunkNum . fst . nextChunkKeyStream
 storeChunks
 	:: UUID
 	-> ChunkConfig
+	-> EncKey
 	-> Key
 	-> FilePath
 	-> MeterUpdate
 	-> Storer
 	-> CheckPresent
 	-> Annex Bool
-storeChunks u chunkconfig k f p storer checker = 
+storeChunks u chunkconfig encryptor k f p storer checker = 
 	case chunkconfig of
 		(UnpaddedChunks chunksize) | isStableKey k -> 
 			bracketIO open close (go chunksize)
@@ -121,7 +122,7 @@ storeChunks u chunkconfig k f p storer checker =
 		return False
 	go chunksize (Right h) = do
 		let chunkkeys = chunkKeyStream k chunksize
-		(chunkkeys', startpos) <- seekResume h chunkkeys checker
+		(chunkkeys', startpos) <- seekResume h encryptor chunkkeys checker
 		b <- liftIO $ L.hGetContents h
 		gochunks p startpos chunksize b chunkkeys'
 
@@ -165,10 +166,11 @@ storeChunks u chunkconfig k f p storer checker =
  -}
 seekResume
 	:: Handle
+	-> EncKey
 	-> ChunkKeyStream
 	-> CheckPresent
 	-> Annex (ChunkKeyStream, BytesProcessed)
-seekResume h chunkkeys checker = do
+seekResume h encryptor chunkkeys checker = do
 	sz <- liftIO (hFileSize h)
 	if sz <= fromMaybe 0 (keyChunkSize $ fst $ nextChunkKeyStream chunkkeys)
 		then return (chunkkeys, zeroBytesProcessed)
@@ -180,7 +182,7 @@ seekResume h chunkkeys checker = do
 			liftIO $ hSeek h AbsoluteSeek sz
 			return (cks, toBytesProcessed sz)
 		| otherwise = do
-			v <- tryNonAsync (checker k)
+			v <- tryNonAsync (checker (encryptor k))
 			case v of
 				Right True ->
 					check pos' cks' sz
diff --git a/Remote/Helper/Special.hs b/Remote/Helper/Special.hs
index fdadc97b9..f9b5deae4 100644
--- a/Remote/Helper/Special.hs
+++ b/Remote/Helper/Special.hs
@@ -189,11 +189,12 @@ specialRemote' cfg c preparestorer prepareretriever prepareremover preparecheckp
 		go Nothing = return False
 		go' storer (Just checker) = sendAnnex k rollback $ \src ->
 			displayprogress p k $ \p' ->
-				storeChunks (uuid baser) chunkconfig k src p'
+				storeChunks (uuid baser) chunkconfig enck k src p'
 					(storechunk enc storer)
 					checker
 		go' _ Nothing = return False
 		rollback = void $ removeKey encr k
+		enck = maybe id snd enc
 
 	storechunk Nothing storer k content p = storer k content p
 	storechunk (Just (cipher, enck)) storer k content p = do
-- 
cgit v1.2.3