From 24ca4f835f12ff2c692e7d3cab6c7d93b4a551b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?=
Date: Tue, 25 Jun 2024 12:18:21 +0200
Subject: [PATCH] return 400 when bad path was used
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jörn Friedrich Dreyer
---
 internal/http/services/owncloud/ocdav/put.go | 26 +++++++++++++-------
 1 file changed, 17 insertions(+), 9 deletions(-)
diff --git a/internal/http/services/owncloud/ocdav/put.go b/internal/http/services/owncloud/ocdav/put.go
index 5add5740dc..c2d38bd89f 100644
--- a/internal/http/services/owncloud/ocdav/put.go
+++ b/internal/http/services/owncloud/ocdav/put.go
@@ -115,6 +115,14 @@ func (s *svc) handlePathPut(w http.ResponseWriter, r *http.Request, ns string) {
 fn := path.Join(ns, r.URL.Path)
 sublog := appctx.GetLogger(ctx).With().Str("path", fn).Logger()
+
+ if err := ValidateName(filepath.Base(fn), s.nameValidators); err != nil {
+ w.WriteHeader(http.StatusBadRequest)
+ b, err := errors.Marshal(http.StatusBadRequest, err.Error(), "")
+ errors.HandleWebdavError(&sublog, w, b, err)
+ return
+ }
+
 space, status, err := spacelookup.LookUpStorageSpaceForPath(ctx, s.gatewaySelector, fn)
 if err != nil {
 sublog.Error().Err(err).Str("path", fn).Msg("failed to look up storage space")
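Review bot: In handlePathPut the new check takes `filepath.Base(fn)` although `fn` was built one line earlier with `path.Join`, so the element that gets validated follows the host OS separator rules rather than the slash-separated request path. `if err := ValidateName(path.Base(fn), s.nameValidators); err != nil {` keeps both on the same package; the same applies to `filepath.Base(ref.Path)` in the block added to handleSpacesPut. Only the last element is checked, and `path.Join` has already cleaned `fn`, so dot segments in `r.URL.Path` are resolved before validation runs. If that is intended, a comment such as `// validates only the final element; fn is already cleaned by path.Join` above the check would record it. The function starts and continues outside the hunk.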
@@ -135,20 +143,13 @@ func (s *svc) handlePut(ctx context.Context, w http.ResponseWriter, r *http.Requ
 return
 }
- length, err := getContentLength(w, r)
+ length, err := getContentLength(r)
 if err != nil {
 log.Error().Err(err).Msg("error getting the content length")
 w.WriteHeader(http.StatusBadRequest)
 return
 }
- if err := ValidateName(filepath.Base(ref.Path), s.nameValidators); err != nil {
- w.WriteHeader(http.StatusBadRequest)
- b, err := errors.Marshal(http.StatusBadRequest, err.Error(), "")
- errors.HandleWebdavError(&log, w, b, err)
- return
- }
-
 client, err := s.gatewaySelector.Next()
 if err != nil {
 log.Error().Err(err).Msg("error selecting next gateway client")
@@ -411,6 +412,13 @@ func (s *svc) handleSpacesPut(w http.ResponseWriter, r *http.Request, spaceID st
 return
 }
+ if err := ValidateName(filepath.Base(ref.Path), s.nameValidators); err != nil {
+ w.WriteHeader(http.StatusBadRequest)
+ b, err := errors.Marshal(http.StatusBadRequest, err.Error(), "")
+ errors.HandleWebdavError(&sublog, w, b, err)
+ return
+ }
+
 s.handlePut(ctx, w, r, &ref, sublog)
 }
@@ -432,7 +440,7 @@ func checkPreconditions(w http.ResponseWriter, r *http.Request, log zerolog.Logg
 return true
 }
-func getContentLength(w http.ResponseWriter, r *http.Request) (int64, error) {
+func getContentLength(r *http.Request) (int64, error) {
 length, err := strconv.ParseInt(r.Header.Get(net.HeaderContentLength), 10, 64)
 if err != nil {
 // Fallback to Upload-Length
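Review bot: handlePut no longer validates `ref.Path` itself, so name validation now depends on every caller running it first. handlePathPut and handleSpacesPut do so in this patch, but any other caller of handlePut (none is visible in these hunks) would now pass names the validators reject straight to the gateway. It is worth checking for further call sites before merging and stating the precondition on the function, e.g. `// handlePut assumes the caller has already run ValidateName on the target name.` The signature line and the rest of handlePut's body lie outside the hunk.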
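Review bot: The rejection block added to handleSpacesPut is a copy of the one added to handlePathPut, differing only in the path expression, and both reuse the name `err` for the marshal result inside the `if err := …` scope. A small method on svc that both handlers call would keep the two entry points from drifting apart and removes the shadowing; the call site becomes `if s.rejectInvalidName(w, &sublog, ref.Path) { return }`. The sketch uses `path.Base` on the assumption that these are slash-separated WebDAV paths. handleSpacesPut starts outside the hunk.

```go
// rejectInvalidName answers 400 and reports true when the last element of p
// fails the configured name validators.
func (s *svc) rejectInvalidName(w http.ResponseWriter, log *zerolog.Logger, p string) bool {
	err := ValidateName(path.Base(p), s.nameValidators)
	if err == nil {
		return false
	}
	w.WriteHeader(http.StatusBadRequest)
	b, merr := errors.Marshal(http.StatusBadRequest, err.Error(), "")
	errors.HandleWebdavError(log, w, b, merr)
	return true
}
```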