vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit ce9d93003cd37a79edba1ba830a6c6d3fa22c2c8
parent 331f6c08fe5e8ad996705c83e47aa12a5651519e
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Wed, 27 Jul 2022 17:39:07 +0200

Merge pull request #2650 from BlackDex/mitigate-mobile-client-uploads

Mitigate attachment/send upload issues
Diffstat:

Msrc/api/core/ciphers.rs | 11+++++++++++


Msrc/api/core/sends.rs | 11+++++++++++


2 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
@@ -947,6 +947,17 @@ async fn save_attachment(
 
     let mut data = data.into_inner();
 
+    // There seems to be a bug somewhere regarding uploading attachments using the Android Client (Maybe iOS too?)
+    // See: https://github.com/dani-garcia/vaultwarden/issues/2644
+    // Since all other clients seem to match TempFile::File and not TempFile::Buffered lets catch this and return an error for now.
+    // We need to figure out how to solve this, but for now it's better to not accept these attachments since they will be broken.
+    if let TempFile::Buffered {
+        content: _,
+    } = &data.data
+    {
+        err!("Error reading attachment data. Please try an other client.");
+    }
+
     if let Some(size_limit) = size_limit {
         if data.data.len() > size_limit {
             err!("Attachment storage limit exceeded with this file");
diff --git a/src/api/core/sends.rs b/src/api/core/sends.rs
@@ -216,6 +216,17 @@ async fn post_send_file(data: Form<UploadData<'_>>, headers: Headers, conn: DbCo
         err!("Send content is not a file");
     }
 
+    // There seems to be a bug somewhere regarding uploading attachments using the Android Client (Maybe iOS too?)
+    // See: https://github.com/dani-garcia/vaultwarden/issues/2644
+    // Since all other clients seem to match TempFile::File and not TempFile::Buffered lets catch this and return an error for now.
+    // We need to figure out how to solve this, but for now it's better to not accept these attachments since they will be broken.
+    if let TempFile::Buffered {
+        content: _,
+    } = &data
+    {
+        err!("Error reading send file data. Please try an other client.");
+    }
+
     let size = data.len();
     if size > size_limit {
         err!("Attachment storage limit exceeded with this file");