Sanitize length headers when validating quota

2d781e56 · Thomas Müller · 6b8e8edc · 2d781e56 · 2d781e56
Unverified Commit 2d781e56 authored Oct 13, 2016 by Thomas Müller
--- a/apps/dav/lib/Connector/Sabre/QuotaPlugin.php
+++ b/apps/dav/lib/Connector/Sabre/QuotaPlugin.php
@@ -24,6 +24,11 @@
 *
 */
 namespace OCA\DAV\Connector\Sabre;
+use OCP\Files\FileInfo;
+use OCP\Files\StorageNotAvailableException;
+use Sabre\DAV\Exception\InsufficientStorage;
+use Sabre\DAV\Exception\ServiceUnavailable;
+use Sabre\HTTP\URLUtil;

 /**
 * This plugin check user quota and deny creating files when they exceeds the quota.
@@ -76,17 +81,16 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin {
 	 * This method is called before any HTTP method and validates there is enough free space to store the file
 	 *
 	 * @param string $uri
-	 * @param null $data
-	 * @throws \Sabre\DAV\Exception\InsufficientStorage
+	 * @throws InsufficientStorage
 	 * @return bool
 	 */
-	public function checkQuota($uri, $data = null) {
+	public function checkQuota($uri) {
 		$length = $this->getLength();
 		if ($length) {
 			if (substr($uri, 0, 1) !== '/') {
 				$uri = '/' . $uri;
 			}
-			list($parentUri, $newName) = \Sabre\HTTP\URLUtil::splitPath($uri);
+			list($parentUri, $newName) = URLUtil::splitPath($uri);
 			if(is_null($parentUri)) {
 				$parentUri = '';
 			}
@@ -101,11 +105,11 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin {
 				$uri = rtrim($parentUri, '/') . '/' . $info['name'];
 			}
 			$freeSpace = $this->getFreeSpace($uri);
-			if ($freeSpace !== \OCP\Files\FileInfo::SPACE_UNKNOWN && $length > $freeSpace) {
+			if ($freeSpace !== FileInfo::SPACE_UNKNOWN && $length > $freeSpace) {
 				if (isset($chunkHandler)) {
 					$chunkHandler->cleanup();
 				}
-				throw new \Sabre\DAV\Exception\InsufficientStorage();
+				throw new InsufficientStorage();
 			}
 		}
 		return true;
@@ -119,12 +123,13 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin {
 	public function getLength() {
 		$req = $this->server->httpRequest;
 		$length = $req->getHeader('X-Expected-Entity-Length');
-		if (!$length) {
+		if (!is_numeric($length)) {
 			$length = $req->getHeader('Content-Length');
+			$length = is_numeric($length) ? $length : null;
 		}

 		$ocLength = $req->getHeader('OC-Total-Length');
-		if ($length && $ocLength) {
+		if (is_numeric($length) && is_numeric($ocLength)) {
 			return max($length, $ocLength);
 		}

@@ -134,13 +139,14 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin {
 	/**
 	 * @param string $uri
 	 * @return mixed
+	 * @throws ServiceUnavailable
 	 */
 	public function getFreeSpace($uri) {
 		try {
 			$freeSpace = $this->view->free_space(ltrim($uri, '/'));
 			return $freeSpace;
-		} catch (\OCP\Files\StorageNotAvailableException $e) {
-			throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage());
+		} catch (StorageNotAvailableException $e) {
+			throw new ServiceUnavailable($e->getMessage());
 		}
 	}
 }
--- a/apps/dav/tests/unit/Connector/Sabre/QuotaPluginTest.php
+++ b/apps/dav/tests/unit/Connector/Sabre/QuotaPluginTest.php
@@ -22,22 +22,20 @@
 *
 */
 namespace OCA\DAV\Tests\unit\Connector\Sabre;
+use Test\TestCase;
+
 /**
 * Copyright (c) 2013 Thomas Müller <thomas.mueller@tmit.eu>
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */
-class QuotaPluginTest extends \Test\TestCase {
+class QuotaPluginTest extends TestCase {

-	/**
-	 * @var \Sabre\DAV\Server
-	 */
+	/** @var \Sabre\DAV\Server | \PHPUnit_Framework_MockObject_MockObject */
 	private $server;

-	/**
-	 * @var \OCA\DAV\Connector\Sabre\QuotaPlugin
-	 */
+	/** @var \OCA\DAV\Connector\Sabre\QuotaPlugin | \PHPUnit_Framework_MockObject_MockObject */
 	private $plugin;

 	private function init($quota, $checkedPath = '') {
@@ -130,6 +128,12 @@ class QuotaPluginTest extends \Test\TestCase {
 			[512, ['CONTENT-LENGTH' => '512']],
 			[2048, ['OC-TOTAL-LENGTH' => '2048', 'CONTENT-LENGTH' => '1024']],
 			[4096, ['OC-TOTAL-LENGTH' => '2048', 'X-EXPECTED-ENTITY-LENGTH' => '4096']],
+			[null, ['X-EXPECTED-ENTITY-LENGTH' => 'A']],
+			[null, ['CONTENT-LENGTH' => 'A']],
+			[1024, ['OC-TOTAL-LENGTH' => 'A', 'CONTENT-LENGTH' => '1024']],
+			[1024, ['OC-TOTAL-LENGTH' => 'A', 'X-EXPECTED-ENTITY-LENGTH' => '1024']],
+			[null, ['OC-TOTAL-LENGTH' => '2048', 'X-EXPECTED-ENTITY-LENGTH' => 'A']],
+			[null, ['OC-TOTAL-LENGTH' => '2048', 'CONTENT-LENGTH' => 'A']],
 		];
 	}

@@ -211,8 +215,11 @@ class QuotaPluginTest extends \Test\TestCase {
 	}

 	private function buildFileViewMock($quota, $checkedPath) {
-		// mock filesysten
-		$view = $this->createMock('\OC\Files\View', ['free_space'], [], '', false);
+		// mock file systen
+		$view = $this->getMockBuilder('\OC\Files\View')
+			->setMethods(['free_space'])
+			->setConstructorArgs([])
+			->getMock();
 		$view->expects($this->any())
 			->method('free_space')
 			->with($this->identicalTo($checkedPath))