Skip to content

fix reading newly written encrypted files before their cache entry is written #34724

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
PVince81 merged 2 commits into from
Dec 20, 2022
Merged

fix reading newly written encrypted files before their cache entry is written #34724

PVince81 merged 2 commits into from
Dec 20, 2022

Conversation

@icewind1991
Copy link
Member

@icewind1991 icewind1991 commented Oct 21, 2022

Keep track of which files we know are encrypted so we know to decrypt them even if they are not in the cache.

This fixes an interaction with files_accesscontrol where it tried to check the mimetype before the item was added to cache, resulting in it always detecting the mimetype as application/octet-stream (note that in a later step the mimetype was detected properly)

To test:

  • Apply fix null error in getUnencryptedSize #34579 to fix another accesscontrol+encryption issue
  • Enable server-side encryption and files_accesscontrol
  • Setup an access control rule blocking files with the mimetype application/octet-stream
  • Attempt to upload any file

@icewind1991 icewind1991 added the 3. to review Waiting for reviews label Oct 21, 2022
@icewind1991 icewind1991 added this to the Nextcloud 26 milestone Oct 21, 2022
@icewind1991 icewind1991 requested review from a team, CarlSchwan, PVince81 and blizzz and removed request for a team October 21, 2022 14:28
PVince81
PVince81 reviewed Oct 21, 2022
View reviewed changes
PVince81
PVince81 approved these changes Oct 21, 2022
View reviewed changes
Copy link
Member

@PVince81 PVince81 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 see minor comment

@icewind1991 icewind1991 force-pushed the encryption-read-before-cache branch from f972374 to 2a2d3e2 Compare October 24, 2022 12:53
@PVince81
Copy link
Member

PVince81 commented Nov 4, 2022

encryption tests are failing

@PVince81 PVince81 added 2. developing Work in progress and removed 3. to review Waiting for reviews labels Nov 4, 2022
@icewind1991 icewind1991 force-pushed the encryption-read-before-cache branch from 2a2d3e2 to bfc2bb3 Compare November 30, 2022 14:11
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 30, 2022
View reviewed changes
@icewind1991 icewind1991 force-pushed the encryption-read-before-cache branch from bfc2bb3 to 32840f1 Compare December 1, 2022 11:26
@icewind1991 icewind1991 force-pushed the encryption-read-before-cache branch from 32840f1 to e3a0e64 Compare December 1, 2022 13:36
@PVince81 PVince81 added 4. to release Ready to be released and/or waiting for tests to finish and removed 2. developing Work in progress labels Dec 1, 2022
@PVince81 PVince81 merged commit 3bcbc47 into master Dec 20, 2022
@PVince81 PVince81 deleted the encryption-read-before-cache branch December 20, 2022 16:16
@PVince81
Copy link
Member

PVince81 commented Dec 20, 2022

sounds a bit similar to #25768

@PVince81
Copy link
Member

PVince81 commented Dec 20, 2022

/backport to stable25

@backportbot-nextcloud
Copy link

backportbot-nextcloud bot commented Dec 20, 2022

The backport to stable25 failed. Please do this backport manually.

This was referenced Sep 6, 2023
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PVince81 PVince81 PVince81 approved these changes

@CarlSchwan CarlSchwan CarlSchwan approved these changes

@blizzz blizzz Awaiting requested review from blizzz

Assignees

No one assigned

Labels

4. to release Ready to be released and/or waiting for tests to finish

Projects

None yet

Milestone

Nextcloud 26

Development

Successfully merging this pull request may close these issues.

5 participants

@icewind1991 @PVince81 @CarlSchwan @skjnldsv