Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bugfix/signature #7333

Merged
merged 4 commits into from
Oct 16, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions src/libsync/discoveryphase.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -696,6 +696,14 @@
}
}

if (job->signature().isEmpty()) {
qCDebug(lcDiscovery) << "Initial signature is empty.";
_account->reportClientStatus(OCC::ClientStatusReportingStatus::E2EeError_GeneralError);
emit finished(HttpError{0, tr("Encrypted metadata setup error: initial signature from server is empty.")});

Check warning on line 702 in src/libsync/discoveryphase.cpp

View workflow job for this annotation

GitHub Actions / build

src/libsync/discoveryphase.cpp:702:14 [cppcoreguidelines-init-variables]

variable 'finished' is not initialized
deleteLater();
return;
}

const auto e2EeFolderMetadata = new FolderMetadata(_account,
_remoteRootFolderPath,
statusCode == 404 ? QByteArray{} : json.toJson(QJsonDocument::Compact),
Expand Down
6 changes: 6 additions & 0 deletions src/libsync/foldermetadata.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,12 @@ void FolderMetadata::setupExistingMetadata(const QByteArray &metadata)
}
}

if (_initialSignature.isEmpty()) {
qCDebug(lcCseMetadata()) << "Signature is empty";
_account->reportClientStatus(OCC::ClientStatusReportingStatus::E2EeError_GeneralError);
return;
}

if (!parseFileDropPart(metaDataDoc)) {
qCDebug(lcCseMetadata()) << "Could not parse filedrop part";
return;
Expand Down
35 changes: 35 additions & 0 deletions test/testclientsideencryptionv2.cpp
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
/*

Check notice on line 1 in test/testclientsideencryptionv2.cpp

View workflow job for this annotation

GitHub Actions / build

Run clang-format on test/testclientsideencryptionv2.cpp

File test/testclientsideencryptionv2.cpp does not conform to Custom style guidelines. (lines 212, 216, 217, 218)
* Copyright (C) 2024 by Oleksandr Zolotov <alex@nextcloud.com>
*
* This program is free software; you can redistribute it and/or modify
Expand Down Expand Up @@ -192,6 +192,41 @@
QVERIFY(metadataFromJson->isValid());
}

void testFolderMetadataWithEmptySignatureDecryptFails()
{
QScopedPointer<FolderMetadata> metadata(new FolderMetadata(_account, "/", FolderMetadata::FolderType::Root));
QSignalSpy metadataSetupCompleteSpy(metadata.data(), &FolderMetadata::setupComplete);
metadataSetupCompleteSpy.wait();
QCOMPARE(metadataSetupCompleteSpy.count(), 1);
QVERIFY(metadata->isValid());

const auto encryptedMetadata = metadata->encryptedMetadata();
QVERIFY(!encryptedMetadata.isEmpty());

const auto signature = metadata->metadataSignature();
QVERIFY(!signature.isEmpty());

auto encryptedMetadataCopy = encryptedMetadata;
encryptedMetadataCopy.replace("\"", "\\\"");

const QJsonDocument ocsDoc = QJsonDocument::fromJson(QStringLiteral("{\"ocs\": {\"data\": {\"meta-data\": \"%1\"}}}")
.arg(QString::fromUtf8(encryptedMetadataCopy)).toUtf8());

const QByteArray emptySignature = {};
QScopedPointer<FolderMetadata> metadataFromJson(new FolderMetadata(_account, "/",
ocsDoc.toJson(),
RootEncryptedFolderInfo::makeDefault(),
emptySignature));

QSignalSpy metadataSetupExistingCompleteSpy(metadataFromJson.data(), &FolderMetadata::setupComplete);
metadataSetupExistingCompleteSpy.wait();
QCOMPARE(metadataSetupExistingCompleteSpy.count(), 1);

QVERIFY(metadataFromJson->metadataSignature().isEmpty());
QVERIFY(metadataFromJson->metadataKeyForDecryption().isEmpty());
QVERIFY(!metadataFromJson->isValid());
}

void testE2EeFolderMetadataSharing()
{
// instantiate empty metadata, add a file, and share with a second user "sharee"
Expand Down
Loading