mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-08-17 09:02:15 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

clamp filekeys to max 72 chars

Browse source 
fixes a bug reported on discord:

a sha512 checksum does not cleanly encode to base64, and the
padding runs afoul of the safety-check added in 988a7223f4

as there is not a single reason to use a filekey that long,
fix it by setting an upper limit (which is still ridiculous)
This commit is contained in:
ed 2025-01-22 22:17:57 +00:00
parent d9db1534b1
commit e0cac6fd99
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
copyparty/authsrv.py
View file

@ -1832,7 +1832,11 @@ class AuthSrv(object):
if fka and not fk: if fka and not fk:
fk = fka fk = fka
if fk: if fk:
vol.flags["fk"] = int(fk) if fk is not True else 8 fk = 8 if fk is True else int(fk)
if fk > 72:
t = "max filekey-length is 72; volume /%s specified %d (anything higher than 16 is pointless btw)"
raise Exception(t % (vol.vpath, fk))
vol.flags["fk"] = fk
have_fk = True have_fk = True
dk = vol.flags.get("dk") dk = vol.flags.get("dk")

2
copyparty/httpcli.py
View file

@ -513,7 +513,7 @@ class HttpCli(object):
return False return False
if "k" in uparam: if "k" in uparam:
m = RE_K.search(uparam["k"]) m = re_k.search(uparam["k"])
if m: if m:
zs = uparam["k"] zs = uparam["k"]
t = "malicious user; illegal filekey; req(%r) k(%r) => %r" t = "malicious user; illegal filekey; req(%r) k(%r) => %r"