Steps to reproduce
- Upload zip file of 200 mb therrough mobile app (latest version)
- Downcload zip file from web UI
Expected behaviour
zip is valid
Actual behaviour
Server exception:
“reqId”:“vDOXf87RBmBiuxuWkcGB”,“level”:4,“time”:“February 22, 2021 08:16:02”,“remoteAddr”:“127.0.0.1”,“user”:“thommie4”,“app”:“webdav”,“method”:“GET”,“url”:"/owncloud/remote.php/webd
av/Tina/Shared_Tina/threema-backup_2XSN644N_1613979735396_1.zip?downloadStartSecret=hr9qa8gi35m",“message”:“Exception: Bad Signature: {“Exception”:“OC\\HintException”,“Message
“:“Bad Signature”,“Code”:0,“Trace”:”#0 \/var\/www\/owncloud\/apps\/encryption\/lib\/Crypto\/Crypt.php(457): OCA\\Encryption\\Crypto\\Crypt->checkSignature()
\n#1 \/var\/www\/owncloud\/apps\/encryption\/lib\/Crypto\/Encryption.php(362): OCA\\Encryption\\Crypto\\Crypt->symmetricDecryptFileContent()\n#2 \/var\/www\/
owncloud\/lib\/private\/Files\/Stream\/Encryption.php(473): OCA\\Encryption\\Crypto\\Encryption->decrypt(*** sensitive parameters replaced ***)\n#3 \/var\/www\/own
cloud\/lib\/private\/Files\/Stream\/Encryption.php(289): OC\\Files\\Stream\\Encryption->readCache()\n#4 [internal function]: OC\\Files\\Stream\\Encryption->stream_
read()\n#5 \/var\/www\/owncloud\/apps\/files_external\/3rdparty\/icewind\/streams\/src\/Wrapper.php(55): fread()\n#6 \/var\/www\/owncloud\/apps\/files_ext
ernal\/3rdparty\/icewind\/streams\/src\/CallbackWrapper.php(96): Icewind\\Streams\\Wrapper->stream_read()\n#7 [internal function]: Icewind\\Streams\\CallbackWrapper->s
tream_read()\n#8 \/var\/www\/owncloud\/lib\/composer\/sabre\/http\/lib\/Sapi.php(112): stream_copy_to_stream()\n#9 \/var\/www\/owncloud\/lib\/composer\/sa
bre\/dav\/lib\/DAV\/Server.php(490): Sabre\\HTTP\\Sapi::sendResponse()\n#10 \/var\/www\/owncloud\/lib\/composer\/sabre\/dav\/lib\/DAV\/Server.php(253): S
abre\\DAV\\Server->invokeMethod()\n#11 \/var\/www\/owncloud\/lib\/composer\/sabre\/dav\/lib\/DAV\/Server.php(321): Sabre\\DAV\\Server->start()\n#12 \/var
\/www\/owncloud\/apps\/dav\/appinfo\/v1\/webdav.php(66): Sabre\\DAV\\Server->exec()\n#13 \/var\/www\/owncloud\/remote.php(165): require_once(’\/var\/www\/
ownclo…’)\n#14 {main}”,“File”:”\/var\/www\/owncloud\/apps\/encryption\/lib\/Crypto\/Crypt.php",“Line”:477}"}
Server configuration
Operating system:
ubuntu 18 lts
Web server:
apache 2.4
Database:
mariadb
PHP version:
7.4
ownCloud version: (see ownCloud admin page)
10.6
Updated from an older ownCloud or fresh install:
Where did you install ownCloud from:
tarball
Signing status (ownCloud 9.0 and above):
valid
Login as admin user into your ownCloud and access
http://example.com/index.php/settings/integrity/failed
paste the results into https://gist.github.com/ and puth the link here.
The content of config/config.php:
Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.
or
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder
*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.
List of activated apps:
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.
Are you using external storage, if yes which one: local/smb/sftp/…
no
Are you using encryption: yes/no
yes
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…
no
LDAP configuration (delete this part if not used)
With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder
Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';
Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.
Client configuration
Browser:
Operating system:
Logs
Web server error log
Insert your webserver log here
ownCloud log (data/owncloud.log)
Insert your ownCloud log here
Browser log
Insert your browser log here, this could for example include:
a) The javascript console log
b) The network log
c) ...