File Sharing stack overflow, memory issue, crash, CSRF issue on 9.1.0 #25557

Closed
Revisor01 opened this Issue Jul 21, 2016 · 205 comments

Revisor01 commented Jul 21, 2016

Steps to reproduce

  1. Upgrade to owncloud 9.1
  2. Login
  3. It shows CSRF check failed
  4. Deactivated files_sharing via occ
  5. Login works

Expected behaviour

Login and works

Actual behaviour

shows CSRF check failed

Server configuration

Operating system:

Web server:
all-inkl.com
Database:
5.6.30
PHP version:
5.6.23
ownCloud version: (see ownCloud admin page)
9.1
Updated from an older ownCloud or fresh install:
updated from 9.0.3
Where did you install ownCloud from:
Install from tar.bz2
Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

List of activated apps:

Enabled:

  • activity: 2.3.2
  • calendar: 1.2.2
  • comments: 0.3.0
  • contacts: 1.3.1.0
  • dav: 0.2.5
  • federatedfilesharing: 0.3.0
  • federation: 0.1.0
  • files: 1.5.1
  • files_pdfviewer: 0.8.1
  • files_texteditor: 2.1
  • files_trashbin: 0.9.0
  • files_sharing 0.10.0
  • files_versions: 1.3.0
  • files_videoplayer: 0.9.8
  • gallery: 15.0.0
  • notifications: 0.3.0
  • provisioning_api: 0.5.0
  • systemtags: 0.3.0
  • updatenotification: 0.2.1

Disabled:

  • encryption
  • external
  • files_antivirus
  • files_external
  • firstrunwizard
  • templateeditor
  • user_external
  • user_ldap

The content of config/config.php:

$CONFIG = array (
'trusted_domains' =>
array (
0 => 'owncloud..de',
1 => 'owncloud..de',
2 => '.de',
3 => 'www.owncloud..de',
4 => 'www.owncloud..de',
5 => '.de',
),
'datadirectory' => '/www/htdocs///ownclouddata/data',
'tempdirectory' => '/www/htdocs///ownclouddata/tmp',
'overwrite.cli.url' => 'http://.de/cloud/owncloud',
'dbtype' => 'mysql',
'version' => '9.1.0.15',
'dbname' => 'd01cd1d3',
'dbhost' => '127.0.0.1',
'dbtableprefix' => 'oc_',
'filesystem_check_changes' => 0,
'dbuser' => 'd01cd1d3',
'dbpassword' => '',
'installed' => true,
'forcessl' => true,
'theme' => '',
'maintenance' => false,
'loglevel' => 3,
'mail_smtpmode' => 'smtp',
'appstore.experimental.enabled' => true,
'mail_from_address' => 'info',
'mail_domain' => 'owncloud.de',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtphost' => 'w01078ba.kasserver.com',
'mail_smtpport' => '465',
'mail_smtpauth' => 1,
'mail_smtpname' => '',
'mail_smtppassword' => '',
'trashbin_retention_obligation' => 'auto',
'enabledPreviewProviders' =>
array (
0 => 'OC\Preview\Image',
1 => 'OC\Preview\MP3',
2 => 'OC\Preview\TXT',
3 => 'OC\Preview\MarkDown',
4 => 'OC\Preview\Epub',
5 => 'OC\Preview\PDF',
6 => 'OC\Preview\OpenDocument',
7 => 'OC\Preview\StarOffice',
8 => 'OC\Preview\MSOfficeDoc',
9 => 'OC\Preview\MSOffice2003',
10 => 'OC\Preview\MSOffice2007',
),
'updater.secret' => '',
'mail_smtpsecure' => 'ssl',
);

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

Client configuration

Browser:
Chrome
Operating system:
Mac OSX 10.11.6

Logs

Web server error log

{"reqId":"V5DHUlUNh8EAAC3bt5kAAAAk","remoteAddr":"217.93.9.75","app":"core","message":"starting upgrade from 9.0.1.3 to 9.1.0.15","level":0,"time":"2016-07-21T13:00:03+00:00","method":"GET","url":"/core/ajax/update.php?requesttoken=%3D%%3D","user":"--"}
{"reqId":"V5DHUlUNh8EAAC3bt5kAAAAk","remoteAddr":"217.93.9.75","app":"core","message":"Exception: {"Exception":"Exception","Message":"Die Anwendung konnte nicht installiert werden, weil Sie nicht mit dieser Version von ownCloud kompatibel ist.","Code":0,"Trace":"#grity(Array, '\/www\/htdocs\/w01...', '\/www\/htdocs\/w01...', false)\n#1 \/www\/htdocs\/w01078ba\/simon\/cloud\/owncloud\/lib\/private\/Installer.php(263): OC\Installer::updateApp(Array)\n#2 \/www\/htdocs\/w01078ba\/simon\/cloud\/owncloud\/lib\/private\/Updater.php(454): OC\Installer::updateAppByOCSId('164356')\n#3 \/www\/htdocs\/w01078ba\/simon\/cloud\/owncloud\/lib\/private\/Updater.php(254): OC\Updater->upgradeAppStoreApps(Array)\n#4 \/www\/htdocs\/w01078ba\/simon\/cloud\/owncloud\/lib\/private\/Updater.php(150): OC\Updater->doUpgrade('9.1.0.15', '9.0.1.3')\n#5 \/www\/htdocs\/w01078ba\/simon\/cloud\/owncloud\/core\/ajax\/update.php(193): OC\Updater->upgrade()\n#6 {main}","File":"\/www\/htdocs\/w01078ba\/simon\/cloud\/owncloud\/lib\/private\/Installer.php","Line":377}","level":3,"time":"2016-07-21T13:02:21+00:00","method":"GET","url":"/core/ajax/update.php?requesttoken=I3g2NToLJgUlehQpPikjBWMvOQMBV2wbOgQyOzwgN2U%3D%3AfSRxkQHLRIfSJLAsZFmNMb4BcfhZfNO5pfFUDm96pio%3D","user":"--"}

ownCloud log (data/owncloud.log)

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

cipher2k Jul 21, 2016

I have the same issue. deactivating files_sharing via occ solved the issue of not being able to log in, but now the file sharing feature is missing.

wmeneses Jul 22, 2016

hello, happens to me ... when I activate the ldap module, an answer to this problem?

PVince81 Jul 22, 2016

Member

Please all tell us how did you update.

From looking at the messages above it looks like the source code hasn't been properly replaced.

@PVince81 PVince81 added the needs info label Jul 22, 2016

@PVince81 PVince81 added this to the 9.0.5 milestone Jul 22, 2016

Revisor01 Jul 22, 2016

Hello,
I downloaded the tar.bz2, extracted it on the server, copied over config.php and started the update process.

Thanks for help

PVince81 Jul 22, 2016

Member

@Revisor01 did you delete the old source code before extracting ?

Revisor01 commented Jul 22, 2016

Yes.

Revisor01 Jul 22, 2016

In another installation I tried to replace the files. Same error.

PVince81 Jul 22, 2016

Member

@Revisor01 can you confirm that there are no errors on this page: http://example.com/index.php/settings/integrity/failed and on the admin page (setup check) ?

Revisor01 Jul 22, 2016

I'm not at the PC right now. But there were no errors or integrity messages after disabling files_sharing.

PVince81 Jul 22, 2016

Member

Could all the reporters answer the same questions? The more details we have about the different setups, the closer we can get to a solution. Thank you!

PVince81 Jul 22, 2016

Member

Does clearing the cookies make the CSRF failed message disappear ?

So far I don't see any correlation between this and the files_sharing app.

Revisor01 Jul 22, 2016

Deleted the cache, tried different browsers (safari, Firefox, chrome) users, computers, tablets.

cipher2k Jul 22, 2016

I updated from a working latest 9.0.x release to 9.1 via apt-get update & apt-get upgrade.
Then did a occ upgrade -> no errors shown in console.
next: turned off maintenance mode via occ, too.

After that I could not log in to owncloud anymore via web. CSRF check failed message. After disabling files_sharing via occ it works again.

Cookies are always turned on. integrity check page shows: No errors have been found.

PVince81 Jul 22, 2016

Member

And I guess there is no specific error in owncloud.log or error_log when you get the CSRF failed page ? Even with "loglevel" set to 0 ?

cipher2k Jul 22, 2016

nothing specific, just:
{"reqId":"0/clTBSYhuMIUJ4JIfrh","remoteAddr":"##.###.###.###","app":"no app in context","message":"CSRF check failed","level":0,"time":"2016-07-21T16:20:54+00:00","method":"POST","url":"/index.php/login","user":"--"}

PVince81 Jul 22, 2016

Member

Hmmm... the way how CSRF check works: whenever the login page is rendered, it will first generate the token and then store it into the current session. Also it will append the token into a hidden field "requesttoken". You can see it if you inspect the source code of the login page.
Then, when you login, it will POST username/password but also send that token to the server.
Then the server compares the token with the one it has in the session.
If they don't match, you get this error.

Not sure yet where the files_sharing app would disturb this process.
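
The token flow described in the comment above, as a minimal Python model (an added example, not part of the original thread and not ownCloud's code; `SessionStore`, `LoginApp` and `run_scenarios` are hypothetical names). It shows that losing the session between rendering the form and the POST gives the same "CSRF check failed" result as a request that never had the token.

```python
import hmac
import secrets


class SessionStore:
    """In-memory stand-in for server-side sessions (hypothetical)."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = {}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def destroy(self, sid):
        self._sessions.pop(sid, None)


class LoginApp:
    """Models only the token handling, not credential checking."""

    def __init__(self, store):
        self.store = store

    def render_login(self, sid=None):
        # GET /login: reuse the caller's session or start a new one,
        # generate the token, store it in the session and embed it
        # in the hidden "requesttoken" field of the form.
        session = self.store.get(sid) if sid else None
        if session is None:
            sid = self.store.create()
            session = self.store.get(sid)
        token = secrets.token_urlsafe(32)
        session["requesttoken"] = token
        html = f'<input type="hidden" name="requesttoken" value="{token}">'
        return sid, token, html

    def post_login(self, sid, form):
        # POST /login: compare the submitted token with the session copy.
        session = self.store.get(sid) if sid else None
        expected = session.get("requesttoken") if session else None
        supplied = form.get("requesttoken", "")
        # Constant-time comparison; a missing session fails the same way
        # as a wrong token.
        if not expected or not hmac.compare_digest(
            expected.encode(), supplied.encode()
        ):
            return 403, "CSRF check failed"
        return 200, "token accepted"


def run_scenarios():
    """Constructed scenarios; returns {name: (status, message)}."""
    results = {}

    # 1. Normal flow: same session, token from the rendered form.
    app = LoginApp(SessionStore())
    sid, token, _ = app.render_login()
    results["normal"] = app.post_login(sid, {"requesttoken": token})

    # 2. Session disappears server-side between GET and POST.
    app = LoginApp(SessionStore())
    sid, token, _ = app.render_login()
    app.store.destroy(sid)
    results["session_lost"] = app.post_login(sid, {"requesttoken": token})

    # 3. Browser does not send the session cookie back with the POST.
    app = LoginApp(SessionStore())
    sid, token, _ = app.render_login()
    results["no_cookie"] = app.post_login(None, {"requesttoken": token})

    # 4. Request carries the session cookie but not the token, which is
    #    the case the check exists to reject.
    app = LoginApp(SessionStore())
    sid, token, _ = app.render_login()
    results["forged"] = app.post_login(sid, {})

    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:13s} -> {outcome}")
```

Scenarios 2 and 3 are indistinguishable from scenario 4 in the log, which is why a bare "CSRF check failed" entry needs the surrounding session and web server logs to interpret.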

wmeneses Jul 22, 2016

Hi, I had written the post above about ldap, after testing off the modules one by one, Ldap works ok, but the module "sharing files" does not work.
If I disable ldap "sharing files" works, by trying to turn it on, the CPU goes up and the server goes down, I think the error is the loading order of each of the modules in this version, the 9.0 had no problem .

I have 1500 users, 64GB of RAM, Xeon g4

PVince81 Jul 22, 2016

Member

Are you guys using the standard PHP session or did you deploy clustered environments ? In the latter case the session management might be slightly different.

wmeneses Jul 22, 2016

It should be standard, I do not cluster.
I happened in php5.5, upgrade to php7.0 but I have the same problem

wmeneses Jul 22, 2016

In my particular case apache generates a "segmentation fault". if one of the modules is on and the other is active.

PVince81 Jul 22, 2016

Member

@wmeneses @cipher2k can you guys please post a full report ? See https://raw.githubusercontent.com/owncloud/core/master/issue_template.md

I'd like to see if there is anything similar in your reports.

So far there isn't enough information to be able to either reproduce the issue or understand where it's coming from.

wmeneses Jul 22, 2016

Unfortunately I can not, my owncloud has many active users now, if I activate this module the server crashes, :(. "Sharing files" will be off because it is more important that users can be authenticated.
At night I can reproduce the error, thank you very much for all the help

dergilb99 Jul 22, 2016

@Revisor01 You might want to remove your smtp credentials.

ruuskil Jul 22, 2016

Steps to reproduce

  1. Upgrade to OC 9.1
  2. Try to log in as a normal user
  3. No login because CSRF check failed
  4. Log in as admin and disable file sharing app from admin panel
  5. Login works

Expected behaviour

All users should be able to log in

Actual behaviour

User can not log in because CSRF check failed when file sharing app is enabled. Server load goes very high.

Server configuration

Operating system:
Ubuntu 16.04 LTS

Web server:
Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g-fips

Database:
MySQL 5.7.13-0ubuntu0.16.04.2 - (Ubuntu)

PHP version:
7.0.8-0ubuntu0.16.04.1

ownCloud version: (see ownCloud admin page)
9.1

Updated from an older ownCloud or fresh install:
Updated from 9.0.4

Where did you install ownCloud from:
From apt-get. Did occ upgrade from command line and no errors were reported.

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

No errors have been found.

**List of activated apps:**

Enabled:
  - activity: 2.3.2
  - calendar: 1.2.2
  - comments: 0.3.0
  - dav: 0.2.5
  - federatedfilesharing: 0.3.0
  - federation: 0.1.0
  - files: 1.5.1
  - files_pdfviewer: 0.8.1
  - files_sharing: 0.10.0
  - files_texteditor: 2.1
  - files_trashbin: 0.9.0
  - files_versions: 1.3.0
  - files_videoplayer: 0.9.8
  - firstrunwizard: 1.1
  - gallery: 15.0.0
  - notifications: 0.3.0
  - ownnote: 1.08
  - provisioning_api: 0.5.0
  - systemtags: 0.3.0
  - templateeditor: 0.1
  - updatenotification: 0.2.1

**The content of config/config.php:**
{
    "system": {
        "instanceid": "oc5rl1d2bu5s",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "pilvi.sytes.net",
            "pilvi.kielletaan.com"
        ],
        "datadirectory": "\/var\/www\/owncloud\/data",
        "overwrite.cli.url": "https:\/\/pilvi.kielletaan.com",
        "dbtype": "mysql",
        "version": "9.1.0.15",
        "installed": true,
        "logtimezone": "Europe\/Helsinki",
        "logfile": "\/var\/log\/owncloud.log",
        "loglevel": 0,
        "log_authfailip": true,
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "smtpa.kolumbus.fi",
        "mail_from_address": "pilvi",
        "mail_domain": "kielletaan.com",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl",
        "theme": "",
        "maintenance": false,
        "dbname": "owncloud",
        "dbhost": "127.0.0.1",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "check_for_working_htaccess": true,
        "appstoreenabled": true,
        "appstoreurl": "https:\/\/api.owncloud.com\/v1",
        "apps_paths": [
            {
                "path": "\/var\/www\/owncloud\/apps",
                "url": "\/apps",
                "writable": true
            }
        ],
        "trashbin_retention_obligation": "auto",
        "updatechecker": false,
        "htaccess.RewriteBase": "\/"
    }
}

**Are you using external storage, if yes which one:** local/smb/sftp/...
no

**Are you using encryption:** yes/no
no

**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...
Webdav

### Client configuration
**Browser:**
Chrome/IE/Safari
Mobile clients
Desktop client

**Operating system:**
Windows/Linux/Android

### Logs
#### Web server error log
[Fri Jul 22 20:48:12.573084 2016] [core:notice] [pid 3014] AH00051: child pid 6346 exit signal Segmentation fault (11), possible coredump in /etc/apache2

#### ownCloud log (data/owncloud.log)
{"reqId":"vx2BMAK6UpRfaM1VRB8F","remoteAddr":"192.168.1.1","app":"no app in context","message":"CSRF check failed","level":0,"time":"2016-07-22T21:10:02+03:00","method":"POST","url":"\/login","user":"--"}

ruuskil Jul 22, 2016

Did some testing and found something that might help.

I created a test user and then enabled the file share app. All old users got the same CSRF error but this new test user was able to log in and create file shares. Maybe things will start to work if I delete all user accounts and create them again and restore their data? I'm not willing to do that because most likely they will lose all calendar data and file share information.

PVince81 Aug 18, 2016

Member

@gekoul are any files or folders shared from that local storage ? Or is there no sharing involved ?
The patch only fixes issues related to sharing, so I'm wondering whether you found another different case.

gekoul Aug 18, 2016

I think not. It is most definitely the same use case. The problem starts as soon as the user tries to share the file/folder.
The issue is resolved once the share is deleted from the oc_shares table.

G.

PVince81 Aug 18, 2016

Member

9.1.1 RC1 is out, you can use it for testing: You can help testing with the 9.1.1 RC1: http://download.owncloud.org/community/testing/owncloud-9.1.1RC1.tar.bz2

scroach Aug 24, 2016

Hey there, we are having massive issues this week since we migrated our server. We updated from OC 8 to 9.0 and then 9.1. But since the update the share plugin is causing problems. We tried updating to the 9.1.1RC1 but it's still not working. Some users are able to login and some are not (we are not sure about why, but disabling the plugin works).

I get an internal server error when I try to login. SQL Exception when trying to insert into oc_mounts. Any thoughts or more info I could provide to help?


scroach commented Aug 24, 2016

Hey there, we are having massive issues this week since we migrated our server. We updated from OC 8 to 9.0 and then 9.1. But since the update the share plugin is causing problems. We tried updating to the 9.1.1RC1 but it's still not working. Some users are able to login and some are not (we are not sure about why, but disabling the plugin works).

I get an internal server error when I try to login. SQL Exception when trying to insert into oc_mounts. Any thoughts or more info I could provide to help?

{"reqId":"AO1OAdlnpklUTvXF6Ui4","remoteAddr":"xxxxxx","app":"index","message":"Exception: {\"Exception\":\"Doctrine\\\\DBAL\\\\Exception\\\\DriverException\",\"Message\":\"An exception occurred while executing 'INSERT INTO oc_mounts (storage_id,root_id,user_id,mount_point) SELECT ?,?,?,? FROM oc_mounts WHERE root_id = ? AND user_id = ? HAVING COUNT(*) = 0' with params [false, 2147, \\\"winkelmayer\\\", \\\"\\\\\\\/winkelmayer\\\\\\\/files\\\\\\\/xxxxx\\\\\\\/\\\", 2147, \\\"winkelmayer\\\"]:\\n\\nSQLSTATE[HY000]: General error: 1366 Incorrect integer value: '' for column 'storage_id' at row 1\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/doctrine\\\/dbal\\\/lib\\\/Doctrine\\\/DBAL\\\/DBALException.php(116): Doctrine\\\\DBAL\\\\Driver\\\\AbstractMySQLDriver->convertException('An exception oc...', Object(Doctrine\\\\DBAL\\\\Driver\\\\PDOException))\\n#1 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/doctrine\\\/dbal\\\/lib\\\/Doctrine\\\/DBAL\\\/Connection.php(996): Doctrine\\\\DBAL\\\\DBALException::driverExceptionDuringQuery(Object(Doctrine\\\\DBAL\\\\Driver\\\\PDOMySql\\\\Driver), Object(Doctrine\\\\DBAL\\\\Driver\\\\PDOException), 'INSERT INTO oc...', Array)\\n#2 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/DB\\\/Connection.php(209): Doctrine\\\\DBAL\\\\Connection->executeUpdate('INSERT INTO oc...', Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/DB\\\/Adapter.php(113): OC\\\\DB\\\\Connection->executeUpdate('INSERT INTO oc...', Array)\\n#4 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/DB\\\/Connection.php(247): OC\\\\DB\\\\Adapter->insertIfNotExist('*PREFIX*mounts', Array, Array)\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Config\\\/UserMountCache.php(144): OC\\\\DB\\\\Connection->insertIfNotExist('*PREFIX*mounts', Array, Array)\\n#6 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Config\\\/UserMountCache.php(124): 
OC\\\\Files\\\\Config\\\\UserMountCache->addToCache(Object(OC\\\\Files\\\\Config\\\\LazyStorageMountInfo))\\n#7 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Config\\\/MountProviderCollection.php(133): OC\\\\Files\\\\Config\\\\UserMountCache->registerMounts(Object(OC\\\\User\\\\User), Array)\\n#8 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Filesystem.php(425): OC\\\\Files\\\\Config\\\\MountProviderCollection->registerMounts(Object(OC\\\\User\\\\User), Array)\\n#9 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Filesystem.php(370): OC\\\\Files\\\\Filesystem::initMountPoints('winkelmayer')\\n#10 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/legacy\\\/util.php(226): OC\\\\Files\\\\Filesystem::init('winkelmayer', '\\\/winkelmayer\\\/fi...')\\n#11 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Filesystem.php(348): OC_Util::setupFS()\\n#12 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/View.php(1110): OC\\\\Files\\\\Filesystem::resolvePath('\\\/files_encrypti...')\\n#13 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/View.php(524): OC\\\\Files\\\\View->basicOperation('file_exists', '\\\/files_encrypti...')\\n#14 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Encryption\\\/Keys\\\/Storage.php(190): OC\\\\Files\\\\View->file_exists('\\\/files_encrypti...')\\n#15 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Encryption\\\/Keys\\\/Storage.php(101): OC\\\\Encryption\\\\Keys\\\\Storage->getKey('\\\/files_encrypti...')\\n#16 \\\/var\\\/www\\\/owncloud\\\/apps\\\/encryption\\\/lib\\\/KeyManager.php(558): OC\\\\Encryption\\\\Keys\\\\Storage->getSystemUserKey('pubShare_15c297...', 'OC_DEFAULT_MODU...')\\n#17 \\\/var\\\/www\\\/owncloud\\\/apps\\\/encryption\\\/lib\\\/KeyManager.php(157): OCA\\\\Encryption\\\\KeyManager->getPublicShareKey()\\n#18 \\\/var\\\/www\\\/owncloud\\\/apps\\\/encryption\\\/lib\\\/Users\\\/Setup.php(85): OCA\\\\Encryption\\\\KeyManager->validateShareKey()\\n#19 
\\\/var\\\/www\\\/owncloud\\\/apps\\\/encryption\\\/lib\\\/AppInfo\\\/Application.php(72): OCA\\\\Encryption\\\\Users\\\\Setup->setupSystem()\\n#20 \\\/var\\\/www\\\/owncloud\\\/apps\\\/encryption\\\/appinfo\\\/app.php(29): OCA\\\\Encryption\\\\AppInfo\\\\Application->__construct(Array, true)\\n#21 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/legacy\\\/app.php(186): require_once('\\\/var\\\/www\\\/ownclo...')\\n#22 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/legacy\\\/app.php(149): OC_App::requireAppFile('encryption')\\n#23 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/legacy\\\/app.php(119): OC_App::loadApp('encryption')\\n#24 \\\/var\\\/www\\\/owncloud\\\/lib\\\/base.php(875): OC_App::loadApps()\\n#25 \\\/var\\\/www\\\/owncloud\\\/index.php(39): OC::handleRequest()\\n#26 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/doctrine\\\/dbal\\\/lib\\\/Doctrine\\\/DBAL\\\/Driver\\\/AbstractMySQLDriver.php\",\"Line\":115}","level":3,"time":"2016-08-24T10:58:45+00:00","method":"GET","url":"\/owncloud\/index.php","user":"winkelmayer"}

Member

PVince81 commented Aug 24, 2016

@scroach mind raising this in a separate issue and ping me there? Your symptoms look completely different. Or are you also having memory errors and server crashes?

ballfire commented Aug 25, 2016

I applied the patch and I am still experiencing the problem with CSRF; however, as I explained before, this server has SSL enabled in Apache, so the CSRF problem only happens when accessing without SSL. SSL version of the site works flawlessly.

Here is the log after a failed login attempt in the non-SSL version of the site

It looks as if the arguments for login were not being passed correctly

----- log -----
{"reqId":"vJETh0OzJzlypRU3Lh/u","remoteAddr":"192.168.253.160","app":"user_ldap","message":"No DN found for on 127.0.0.1","level":0,"time":"2016-08-25T08:22:59+00:00","method":"POST","url":"/owncloud/index.php/login","user":"--"}
{"reqId":"vJETh0OzJzlypRU3Lh/u","remoteAddr":"192.168.253.160","app":"no app in context","message":"CSRF check failed","level":0,"time":"2016-08-25T08:22:59+00:00","method":"POST","url":"/owncloud/index.php/login","user":"--"}
{"reqId":"zozgHToiwNjKOAW6g+af","remoteAddr":"192.168.253.160","app":"user_ldap","message":"No DN found for on 127.0.0.1","level":0,"time":"2016-08-25T08:22:59+00:00","method":"GET","url":"/owncloud/index.php/core/js/oc.js?v=223e9f78f8e1d27896a82bac43b47cf3","user":"--"}

------- log in the SSL version of the site that actually works (LDAP scheme hand changed to someorg.es)------
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"No DN found for on 127.0.0.1","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"--"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"initializing paged search for Filter objectClass=* base Array\n(\n [0] => uid=alorenzo,ou=people,dc=someorg,dc=es\n)\n attr Array\n(\n [0] => primaryGroupID\n)\n limit 500 offset 0","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"Ready for a paged search","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"Requested attribute primarygroupid not found for uid=alorenzo,ou=people,dc=someorg,dc=es","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"initializing paged search for Filter objectClass=* base Array\n(\n [0] => cn=empleados,ou=group,dc=someorg,dc=es\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"Ready for a paged search","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"readAttribute: cn=empleados,ou=group,dc=someorg,dc=es found","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"initializing paged search for Filter objectClass=* base Array\n(\n [0] => cn=owncloud_admin,ou=group,dc=someorg,dc=es\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}

[.... goes on with successful after-login activity ---- ]
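
Added example, not part of the comment above and not ownCloud project code: one way to triage an owncloud.log like the one quoted is to group its JSON lines by reqId, pull out every request that logged "CSRF check failed" together with what else that request logged, and compare login POSTs that failed the check with those that did not. The sample lines are constructed in the field layout shown above; the function names are assumptions.

```python
import json
from collections import Counter, defaultdict

CSRF_MESSAGE = "CSRF check failed"

# Constructed sample in the field layout of the lines quoted above
# (documentation-range addresses, made-up request ids, one truncated line).
SAMPLE_LOG = """\
----- log -----
{"reqId":"req-A","remoteAddr":"192.0.2.10","app":"user_ldap","message":"No DN found for on 127.0.0.1","level":0,"time":"2016-08-25T08:22:59+00:00","method":"POST","url":"/owncloud/index.php/login","user":"--"}
{"reqId":"req-A","remoteAddr":"192.0.2.10","app":"no app in context","message":"CSRF check failed","level":0,"time":"2016-08-25T08:22:59+00:00","method":"POST","url":"/owncloud/index.php/login","user":"--"}
{"reqId":"req-B","remoteAddr":"192.0.2.10","app":"user_ldap","message":"No DN found for on 127.0.0.1","level":0,"time":"2016-08-25T08:23:00+00:00","method":"GET","url":"/owncloud/index.php/core/js/oc.js","user":"--"}
{"reqId":"req-C","remoteAddr":"192.0.2.10","app":"user_ldap","message":"Ready for a paged search","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"constructed-user-id"}
{"reqId":"req-D","remoteAddr":"192.0.2.10","app":"no app in context","message":"CSRF check failed","level":0,"time":"2016-08-25T08:30:01+00:00","method":"POST","url":"/owncloud/index.php/login","user":"--"}
{"reqId":"req-E","remoteAddr":"192.0.2.11","app":"index","mess
"""


def parse_log(text):
    """Return (records, skipped). Lines that are not a JSON object with a
    reqId (separators, truncated writes) are counted, not fatal."""
    records, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except ValueError:
            skipped += 1
            continue
        if isinstance(rec, dict) and "reqId" in rec:
            records.append(rec)
        else:
            skipped += 1
    return records, skipped


def csrf_failures(records):
    """One summary per request that logged the CSRF failure, oldest first."""
    by_req = defaultdict(list)
    for rec in records:
        by_req[rec["reqId"]].append(rec)
    findings = []
    for req_id, recs in by_req.items():
        hits = [r for r in recs if r.get("message") == CSRF_MESSAGE]
        if not hits:
            continue
        first = hits[0]
        findings.append({
            "reqId": req_id,
            "time": first.get("time"),
            "remoteAddr": first.get("remoteAddr"),
            "method": first.get("method"),
            "url": first.get("url"),
            "user": first.get("user"),
            # Everything else the same request logged, for context.
            "context": [(r.get("app"), r.get("message"))
                        for r in recs if r.get("message") != CSRF_MESSAGE],
        })
    # ISO 8601 timestamps with the same offset sort correctly as strings.
    findings.sort(key=lambda f: f["time"] or "")
    return findings


def failures_by_source(findings):
    """Count CSRF failures per (remote address, URL)."""
    return Counter((f["remoteAddr"], f["url"]) for f in findings)


def login_requests(records):
    """Map reqId -> True/False (CSRF check failed?) for every POST to a .../login URL."""
    outcome = {}
    for rec in records:
        if rec.get("method") == "POST" and str(rec.get("url", "")).endswith("/login"):
            failed = rec.get("message") == CSRF_MESSAGE
            outcome[rec["reqId"]] = outcome.get(rec["reqId"], False) or failed
    return outcome


if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE_LOG)
    print(f"{len(recs)} records, {bad} unparsable lines")
    for finding in csrf_failures(recs):
        print(finding)
    print(failures_by_source(csrf_failures(recs)))
    print(login_requests(recs))
```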

Member

PVince81 commented Aug 25, 2016

@ballfire separate unrelated issue: #25927

aTanCS commented Aug 29, 2016

After upgrading to 9.1 users (from ldap) who shared files hang php-fpm process. It runs at 100% until timeout. Disabling file sharing resolves the problem. Tried with php-fpm 5.4.45 and 7.0.9.
EDIT: patch resolved the problem.

wobemh commented Aug 30, 2016

After patching the upgraded 9.1 we have an issue with Sophos Antivirus, which scans new and changed files on our CentOS 7 Server:
System runs in normal speed, but shares over links are very slow!
Does OC build temporary files, if there is someone connecting over a shared link??

derekbtw commented Aug 30, 2016

I'm getting this error and I just installed OwnCloud on my server yesterday and have not shared any links, thus there isn't any data in the oc_share table. I'm getting kind of nervous because I uploaded every single photo I have of my son on there to clear space on my computer.

Member

PVince81 commented Aug 31, 2016

@wobemh Please make new tickets for any new issues observed on 9.1.1RC1 or patched instances.

@derekbtw https://owncloud.org/faq/#backup
@derekbtw since you don't have shares, your problem is likely a different one #25927

derekbtw commented Sep 1, 2016

@PVince81 I figured it out. The problem was my max file upload size was set to 1KB for some reason. So when I typed in my username and password, it was over 1kb.

kwisatz commented Sep 1, 2016

We have tested the latest patch mentioned above (https://patch-diff.githubusercontent.com/raw/owncloud/core/pull/25754.patch) and found it working.
However, @PVince81 you mentioned that

The patch was merged and will be in OC 9.1.1.

This means that if you want to help testing, you can use tomorrow's daily build of stable9.1

However, we're using the .deb package from your repository and 9.1.1 is not yet available here, is that known?

owncloud:
  Installed: 9.1.0-1.1
  Candidate: 9.1.0-1.1
  Version table:
 *** 9.1.0-1.1 0
        500 http://download.owncloud.org/download/repositories/stable/Debian_8.0/  Packages

Member

PVince81 commented Sep 1, 2016

You might find 9.1.1RC1 in the testing repositories

stormsh commented Sep 19, 2016

Hello there, I had login problems with my apps since I updated to 9.1. I solved this problem by adding App passwords for said apps. BUT I get this error when I try to log in with my mobile Firefox. The normal desktop Firefox (both are same version and nearly same addons) doesn't have a login problem. It's not urgent because I use the mobile Firefox login twice per year.
I just thought you might like the info.

lolnerd commented Sep 22, 2016

Hi there, I encountered this problem after upgrading to 9.1 by repository (Ubuntu 16.04). After the info in this thread, I waited patiently for 9.1.1 to be released via repository, yet still the bug remains. I'm unable to log in via Web Interface with the "Zugriff verboten", "CSRF check failed" error.

Member

PVince81 commented Sep 22, 2016

@lolnerd maybe #25927?

soaringPingu commented Sep 22, 2016

Hi, for what it might be worth I have a slightly different path to the same issue, and it might be useful to someone :-)

This doesn't just happen with upgrades.
I started from scratch with 9.1.0 a month or so ago. My old version was 7, and I only have 3 family users, so I didn't bother upgrading as I was also making a fair few other changes.
I manually moved the old file structure of the data files into the new install. I have been using it since it was installed and I have shared one folder, with sub folders and files, with the group 'family'.
Yesterday I added one of the family users back in, and there were some file name clashes with the old files, using lower case first letters, like 'documents', vs. 9.1.0 defaults of 'Documents' (it might be the other way around, not sure...). This became an issue on Windows. I used the sync utility in Windows and manually de-selected the upper case and lower case directories until they contained the same data. I then logged in to the web interface with the new user and removed one version, in this case the lower case ones (documents, music and photos).
This morning, the new user could not log in, nor could I log in with my current user (admin rights). No changes had been made to the system at all.
I could still log into the web interface using my original admin account, and notably, that account is not a member of the group "family", all other accounts are.
My sync client on Ubuntu was showing a green connected tick, using the same credentials as I failed to log in with in the web interface. I didn't test it further than that.

It appears that only users in the group 'family' (in my case) are affected.
The folder that was shared with the group 'family' had no links to the removed folders
The sync clients appeared to be unaffected

(I have not done extensive testing as I am fairly novice in this and I don't have a test set-up, (and I don't want to break it ;-))

If some log files are of use to anyone, let me know which ones.

Since I only have a small system and my oc_share table only had one line in it, I solved it using the above suggested workaround of disabling the File Share and removing that entry. I then rebooted, enabled File Sharing, shared the folder again, and I am up and running.

Member

PVince81 commented Sep 23, 2016

By the way, 9.1.1 was released which contains this fix.

So I encourage anyone coming here with the same issue to try 9.1.1 first.

lep86 commented Sep 27, 2016

OC 9.1.1 new installation on ubuntu 16. Got error CSRF check failed

Member

PVince81 commented Sep 27, 2016

I'm locking this thread now as many people mistake it with #25927.

If you came here through the search and see a CSRF check failed issue on 9.1.1, please report your details in #25927.

Thanks.

@owncloud owncloud locked and limited conversation to collaborators Sep 27, 2016

@PVince81 PVince81 changed the title from File Sharing stack overflow, memory issue, crash, CSRF issue on 9.1 to File Sharing stack overflow, memory issue, crash, CSRF issue on 9.1.0 Sep 27, 2016

PVince81 Jan 10, 2017

Member

Trying to find smaller steps to reproduce this locally. Goal is being able to test this automatically to avoid regressions in the future.

Steps to recreate one level of recursion on v9.1.0:

  1. Create three users "user1", "user2" and "user3"
  2. Login as "user2"
  3. Create a folder "deleted"
  4. Share "deleted" with "user1"
  5. Delete "deleted" to trash (but leave it there)
  6. Create a folder "test"
  7. Share "test" with "user1"
  8. Login as "user3"
  9. Create a folder "withuser2"
  10. Share "withuser2" with "user2"
  11. Log out
  12. curl -D - -X GET -u user1:test http://localhost/owncloud/remote.php/webdav/welcome.txt > file.txt and debug into $this->ownerView->getPath() from the shared storage.

At some point the $mounts list will contain a SharedMount when trying to resolve the "deleted" share. Since that one is not in the "Home" mount which is the first entry in $mounts, it will step to the second entry SharedMount and call getStorage() and getCache() which will internally initialize that matching shared storage, which itself will call $this->ownerView->getPath() again for itself.

0  OC\Files\View->getPath() /srv/www/htdocs/owncloud/lib/private/Files/View.php:1693
1  OC\Files\Storage\Shared->__construct() /srv/www/htdocs/owncloud/apps/files_sharing/lib/sharedstorage.php:83
2  OC\Files\Storage\StorageFactory->getInstance() /srv/www/htdocs/owncloud/lib/private/Files/Storage/StorageFactory.php:82
3  OC\Files\Mount\MountPoint->createStorage() /srv/www/htdocs/owncloud/lib/private/Files/Mount/MountPoint.php:137
4  OC\Files\Mount\MountPoint->getStorage() /srv/www/htdocs/owncloud/lib/private/Files/Mount/MountPoint.php:160
5  OC\Files\View->getPath() /srv/www/htdocs/owncloud/lib/private/Files/View.php:1687
6  OC\Files\Storage\Shared->__construct() /srv/www/htdocs/owncloud/apps/files_sharing/lib/sharedstorage.php:83
7  OC\Files\Storage\StorageFactory->getInstance() /srv/www/htdocs/owncloud/lib/private/Files/Storage/StorageFactory.php:82
8  OC\Files\Mount\MountPoint->createStorage() /srv/www/htdocs/owncloud/lib/private/Files/Mount/MountPoint.php:137
9  OC\Files\Mount\MountPoint->getStorage() /srv/www/htdocs/owncloud/lib/private/Files/Mount/MountPoint.php:160
10 OC\Files\Config\LazyStorageMountInfo->getStorageId() /srv/www/htdocs/owncloud/lib/private/Files/Config/LazyStorageMountInfo.php:50
11 OC\Files\Config\UserMountCache->addToCache() /srv/www/htdocs/owncloud/lib/private/Files/Config/UserMountCache.php:138
12 OC\Files\Config\UserMountCache->registerMounts() /srv/www/htdocs/owncloud/lib/private/Files/Config/UserMountCache.php:124
13 OC\Files\Config\MountProviderCollection->registerMounts() /srv/www/htdocs/owncloud/lib/private/Files/Config/MountProviderCollection.php:133
14 OC\Files\Filesystem::initMountPoints() /srv/www/htdocs/owncloud/lib/private/Files/Filesystem.php:425
15 OC\Cache\File->getStorage() /srv/www/htdocs/owncloud/lib/private/Cache/File.php:52
16 OC\Cache\File->gc() /srv/www/htdocs/owncloud/lib/private/Cache/File.php:173
17 OC::{closure:/srv/www/htdocs/owncloud/lib/base.php:717-729}() /srv/www/htdocs/owncloud/lib/base.php:720
18 call_user_func_array:{/srv/www/htdocs/owncloud/lib/private/Hooks/EmitterTrait.php:98}() /srv/www/htdocs/owncloud/lib/private/Hooks/EmitterTrait.php:98
19 OC\Hooks\BasicEmitter->emit() /srv/www/htdocs/owncloud/lib/private/Hooks/EmitterTrait.php:98
20 OC\Hooks\PublicEmitter->emit() /srv/www/htdocs/owncloud/lib/private/Hooks/PublicEmitter.php:32
21 OC\User\Session->loginWithPassword() /srv/www/htdocs/owncloud/lib/private/User/Session.php:436
22 OC\User\Session->login() /srv/www/htdocs/owncloud/lib/private/User/Session.php:287
23 OC\User\Session->logClientIn() /srv/www/htdocs/owncloud/lib/private/User/Session.php:313
24 OCA\DAV\Connector\Sabre\Auth->validateUserPass() /srv/www/htdocs/owncloud/apps/dav/lib/Connector/Sabre/Auth.php:121
25 Sabre\DAV\Auth\Backend\AbstractBasic->check() /srv/www/htdocs/owncloud/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php:105
26 OCA\DAV\Connector\Sabre\Auth->auth() /srv/www/htdocs/owncloud/apps/dav/lib/Connector/Sabre/Auth.php:242
27 OCA\DAV\Connector\Sabre\Auth->check() /srv/www/htdocs/owncloud/apps/dav/lib/Connector/Sabre/Auth.php:146
28 Sabre\DAV\Auth\Plugin->beforeMethod() /srv/www/htdocs/owncloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php:166
29 call_user_func_array:{/srv/www/htdocs/owncloud/3rdparty/sabre/event/lib/EventEmitterTrait.php:105}() /srv/www/htdocs/owncloud/3rdparty/sabre/event/lib/EventEmitterTrait.php:105
30 Sabre\Event\EventEmitter->emit() /srv/www/htdocs/owncloud/3rdparty/sabre/event/lib/EventEmitterTrait.php:105
31 Sabre\DAV\Server->invokeMethod() /srv/www/htdocs/owncloud/3rdparty/sabre/dav/lib/DAV/Server.php:446
32 Sabre\DAV\Server->exec() /srv/www/htdocs/owncloud/3rdparty/sabre/dav/lib/DAV/Server.php:248
33 require_once()  /srv/www/htdocs/owncloud/apps/dav/appinfo/v1/webdav.php:56
34 {main}          /srv/www/htdocs/owncloud/remote.php:164

This is only a single-level recursion. Goal is to use a similar scenario to achieve infinite recursion with group shares.



PVince81 Jan 10, 2017

Member

Steps for infinite recursion on v9.1.0:

  1. Create two users "user1" and "user2"
  2. Login as "user1"
  3. Create a folder "delfromuser1"
  4. Share "delfromuser1" with "user2"
  5. Delete "delfromuser1" to trash
  6. Create a folder "testfromuser1"
  7. Share "testfromuser1" with "user2"
  8. Login as "user2"
  9. Create a folder "delfromuser2"
  10. Share "delfromuser2" with "user1"
  11. Refresh the page 💥
  12. curl -D - -X GET -u user2:test http://localhost/owncloud/remote.php/webdav/welcome.txt > file.txt 💥 500 Internal Server Error

How the recursion occurs:

  1. When setting up the FS for user2, the SharedStorage for "delfromuser1" is being initialized.
  2. This calls $this->ownerView->getPath() with the id of that share which points to a deleted file. The owner is "user1" so this is user1's view.
  3. getPath() grabs a list of mount points in $mounts, first one is user1's Home storage and the second one is user1's received SharedMount "delfromuser2".
  4. Since the file doesn't exist on the Home storage, the loop proceeds to the SharedMount "delfromuser2".
  5. Since that one is not initialized yet, calling getStorage()->getCache() will initialize it.
  6. Initializing the "SharedStorage" for "delfromuser2" will itself call $this->ownerView->getPath() with the id of that share. The owner is "user2" so this is user2's view.
  7. getPath() grabs a list of mount points in $mounts, first one is user2's Home storage and the second one is user2's received SharedMount "delfromuser1".
  8. The same logic as above happens in the loop and the SharedMount "delfromuser1" will initialize the storage again from step 1, which causes an infinite loop that way.
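
The cycle described in the steps above, as an added PHP model that is not part of the original comment and is not ownCloud code. With the guard off, the two shared mounts initialise each other until a cut-off aborts; with it on, a mount that is already initialising is skipped and setup finishes. Assumptions: the class names only echo the stack trace, the ids and the empty Home storages (so neither id resolves there) are constructed, and the 20-initialisation cut-off and the `$guard` switch are hypothetical, one generic way to break such a cycle rather than the change the project made.

```php
<?php
// Added model of the mount cycle; not ownCloud code. Names echo the trace.
class Storage {                       // hypothetical: file id => internal path
    private $paths;
    function __construct(array $paths) { $this->paths = $paths; }
    function getPathById($id) { return isset($this->paths[$id]) ? $this->paths[$id] : null; }
}
class HomeMount {
    private $storage;
    function __construct(Storage $s) { $this->storage = $s; }
    function getStorage() { return $this->storage; }
}
class SharedMount {
    public static $guard = false;     // hypothetical re-entrancy guard switch
    public static $inits = 0;         // storage initialisations attempted
    private $ownerView, $fileId, $storage = null, $busy = false;
    function __construct(View $v, $id) { $this->ownerView = $v; $this->fileId = $id; }
    function getStorage() {
        if ($this->storage !== null) return $this->storage;
        if (self::$guard && $this->busy) return null;   // mid-init: skip this mount
        if (++self::$inits > 20) throw new RuntimeException('mount cycle');
        $this->busy = true;
        try {   // as in steps 2 and 6: init resolves the share id in the owner's view
            $path = $this->ownerView->getPath($this->fileId);
            $this->storage = new Storage([$this->fileId => $path]);
        } finally { $this->busy = false; }
        return $this->storage;
    }
}
class View {
    public $mounts = [];
    function getPath($id) {
        foreach ($this->mounts as $mount) {
            $storage = $mount->getStorage();            // initialises lazy mounts
            $path = $storage ? $storage->getPathById($id) : null;
            if ($path !== null) return $path;
        }
        return null;                                    // id not resolvable anywhere
    }
}
function setupUser2($guard) {   // constructed ids: 1 = delfromuser1, 3 = delfromuser2
    SharedMount::$guard = $guard; SharedMount::$inits = 0;
    $v1 = new View(); $v2 = new View();
    $v1->mounts = [new HomeMount(new Storage([])), new SharedMount($v2, 3)];
    $v2->mounts = [new HomeMount(new Storage([])), new SharedMount($v1, 1)];
    try { $v2->mounts[1]->getStorage(); return 'ok after ' . SharedMount::$inits . ' inits'; }
    catch (RuntimeException $e) { return 'aborted: ' . $e->getMessage(); }
}
echo setupUser2(false), "\n", setupUser2(true), "\n";
```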