[stable-3.6] Bugfix/e2ee vulnerability empty metadatakeys #5335

backportbot-nextcloud · 2023-01-18T11:29:09Z

backport of #5323

… server. Signed-off-by: alex-z <blackslayer4@gmail.com>

Signed-off-by: alex-z <blackslayer4@gmail.com>

sonarcloud · 2023-01-18T12:56:25Z

Kudos, SonarCloud Quality Gate passed!

No Coverage information
No Duplication information

nextcloud-desktop-bot · 2023-01-18T14:21:23Z

AppImage file: nextcloud-PR-5335-c2a4af5647733523e1d896997594070608fc285e-x86_64.AppImage

To test this change/fix you can simply download above AppImage file and test it.

Please make sure to quit your existing Nextcloud app and backup your data.

backportbot-nextcloud bot added this to the 3.6.5 milestone Jan 18, 2023

backportbot-nextcloud bot requested review from allexzander, claucambra and mgallien January 18, 2023 11:29

allexzander approved these changes Jan 18, 2023

View reviewed changes

allexzander force-pushed the backport/5323/stable-3.6 branch from 01518fd to c52ab07 Compare January 18, 2023 12:07

allexzander added 4 commits January 18, 2023 13:32

Fix security vulnerability when receiving empty metadataKeys from the…

8abf013

… server. Signed-off-by: alex-z <blackslayer4@gmail.com>

Fix memory leak.

c68c74e

Signed-off-by: alex-z <blackslayer4@gmail.com>

remove unrelated changes

cdc1a7b

Signed-off-by: alex-z <blackslayer4@gmail.com>

remove unrelated changes

c2a4af5

Signed-off-by: alex-z <blackslayer4@gmail.com>

allexzander force-pushed the backport/5323/stable-3.6 branch from c52ab07 to c2a4af5 Compare January 18, 2023 12:32

allexzander merged commit ff1db46 into stable-3.6 Jan 18, 2023

allexzander deleted the backport/5323/stable-3.6 branch January 18, 2023 12:33

Provide feedback