From a56f2ec183091dc6d95109806612454c66ce0f07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Schie=C3=9Fle?= <schiessle@owncloud.com>
Date: Thu, 27 Sep 2012 11:20:37 +0200
Subject: [PATCH] only upload valid ssl root certificates

---
 .../ajax/addRootCertificate.php               | 20 +++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/apps/files_external/ajax/addRootCertificate.php b/apps/files_external/ajax/addRootCertificate.php
index 8848f85cf9..42927b8606 100644
--- a/apps/files_external/ajax/addRootCertificate.php
+++ b/apps/files_external/ajax/addRootCertificate.php
@@ -5,19 +5,27 @@ OCP\JSON::checkAppEnabled('files_external');
 $fh = fopen($_FILES['rootcert_import']['tmp_name'], 'r');
 $data = fread($fh, filesize($_FILES['rootcert_import']['tmp_name']));
 fclose($fh);
+$filename = $_FILES['rootcert_import']['name'];
 
 $view = new \OC_FilesystemView('/'.\OCP\User::getUser().'/files_external/uploads');
 if (!$view->file_exists('')) $view->mkdir('');
 
-//check if it is a PEM certificate, otherwise convert it if possible
-if (!strpos($data, 'BEGIN CERTIFICATE')) {
+$isValid = openssl_pkey_get_public($data);
+
+//maybe it was just the wrong file format, try to convert it...
+if ($isValid == false) {
 	$data = chunk_split(base64_encode($data), 64, "\n");
-	$data = "-----BEGIN CERTIFICATE-----\n".$data."-----END CERTIFICATE-----\n";
+	$data = "-----BEGIN CERTIFICATE-----\n".$data."-----END CERTIFICATE-----\n";
+	$isValid = openssl_pkey_get_public($data);
 }
 
-$view->file_put_contents($_FILES['rootcert_import']['name'], $data);
-
-OC_Mount_Config::createCertificateBundle();
+// add the certificate if it could be verified
+if ( $isValid ) {
+	$view->file_put_contents($filename, $data);
+	OC_Mount_Config::createCertificateBundle();
+} else {
+	OCP\Util::writeLog("files_external", "Couldn't import SSL root certificate ($filename), allowed formats: PEM and DER", OCP\Util::WARN);
+}
 
 header("Location: settings/personal.php");
 exit;
-- 
GitLab