Trying to access array offset on value of type bool at ... SFTP.php

When uploading, modifying or deleting a file in the SFTP external storage the log is spammed with the message below. This doesn’t seem to have user facing consequences, but in a very large installation the logs become huge. Happens both when using the web interface and a desktop client.

We recently updated from 10.3.2 to 10.13.4, and PHP went from 7.2 to 7.4. The issue didn’t seem to exist with the old version.

"remoteAddr":"XXX","user":"testuser","app":"PHP","method":"PUT","url":"\/remote.php\/dav\/files\/testuser\/SFTP\/New%20folder\/testfile.jpg","message":"Trying to access array offset on value of type bool at \/owncloud\/webapp\/owncloud-10.13.4\/apps\/files_external\/lib\/Lib\/Storage\/SFTP.php#325"

"remoteAddr":"XXX","user":"testuser","app":"PHP","method":"PUT","url":"\/remote.php\/dav\/files\/testuser\/SFTP\/New%20folder\/testfile.jpg","message":"Trying to access array offset on value of type bool at \/owncloud\/webapp\/owncloud-10.13.4\/apps\/files_external\/lib\/Lib\/Storage\/SFTP.php#331"

Steps to reproduce

  1. Set up SFTP storage with the files_external app
  2. Upload some files into the SFTP directory, either via the web interface or a desktop app
  3. The operation completes but the log is spammed with the error

Expected behaviour

No error should be logged

Actual behaviour

The log is spammed with the error above:

Server configuration

Operating system:
Rocky Linux 8.8

Web server:
Apache 2.4.37

Database:
Mysql 10.11.6

PHP version:
7.4

ownCloud version: (see ownCloud admin page)
10.13.4.1

Updated from an older ownCloud or fresh install:
Updated from 10.3.2

Where did you install ownCloud from:
Installed manually using the minimal server package from website

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 

paste the results into https://gist.github and put the link here.

No errors have been found.

The content of config/config.php:

'instanceid' => 'xxx',
'passwordsalt' => 'xxx',
'secret' => 'xxx',
'trusted_domains' =>
array (
  0 => 'ourdomain',
),
'datadirectory' => '/owncloud/data-production',
'overwrite.cli.url' => 'ourdomain',
'dbtype' => 'mysql',
'version' => '10.13.4.1',
'dbname' => 'cloud_dev',
'dbhost' => 'xxxx',
'dbtableprefix' => 'oc_',
'dbuser' => 'user',
'dbpassword' => 'passwd',
'installed' => true,
'mail_smtpmode' => 'smtp',
'mail_from_address' => 'NOREPLY',
'mail_domain' => 'ourdomain',
'mail_smtphost' => 'internalmailrelay.ourdomain',
'mail_smtpport' => '25',
'forcessl' => true,
'ldapIgnoreNamingRules' => false,
'loglevel' => 3,
'logtimezone' => 'UTC',
'knowledgebaseenabled' => false,
'maintenance' => false,
'filelocking.enabled' => true,
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' =>
array (
  'host' => '/var/run/redis/redis.sock',
  'port' => 0,
),
'trashbin_retention_obligation' => 'auto',
'integrity.ignore.missing.app.signature' =>
array (
  0 => 'theme-ours',
),
'allow_user_to_change_mail_address' => ''

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or 

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to diligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.

List of activated apps:

  • activity:
    • Version: 2.7.2
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/activity
  • comments:
    • Version: 0.3.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/comments
  • configreport:
    • Version: 0.2.2
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/configreport
  • dav:
    • Version: 0.7.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/dav
  • federatedfilesharing:
    • Version: 0.5.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/federatedfilesharing
  • federation:
    • Version: 0.1.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/federation
  • files:
    • Version: 1.6.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/files
  • files_external:
    • Version: 0.9.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/files_external
  • files_mediaviewer:
    • Version: 1.0.5
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/files_mediaviewer
  • files_sharing:
    • Version: 0.14.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/files_sharing
  • files_texteditor:
    • Version: 2.6.1
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/files_texteditor
  • files_trashbin:
    • Version: 0.9.1
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/files_trashbin
  • files_versions:
    • Version: 1.3.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/files_versions
  • firstrunwizard:
    • Version: 1.3.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/firstrunwizard
  • market:
    • Version: 0.8.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/market
  • notifications:
    • Version: 0.6.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/notifications
  • provisioning_api:
    • Version: 0.5.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/provisioning_api
  • systemtags:
    • Version: 0.3.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/systemtags
  • theme-ours:
    • Version: 1.0.3
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/theme-uoe
  • user_ldap:
    • Version: 0.18.0
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/user_ldap

Disabled:

  • encryption:
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/encryption
  • external:
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/external
  • updatenotification:
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/updatenotification
  • user_external:
    • Path: /owncloud/webapp/owncloud-10.13.4/apps/user_external

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Are you using external storage, if yes which one: local/smb/sftp/…
SFTP

Are you using encryption: yes/no
NO

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…
LDAP

LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

From ownCloud side, I think the biggest change that happened around is the library update from phpseclib 2 to 3. I don’t discard changes in the code, but I don’t think there should be any problem.

A couple of things that you can test:

  • Try to connect to a different SFTP server
  • If you’re using RSA authentication for the SFTP server:
    • Try to regenerate a new key
    • Try to use username + password instead.

I see some changes in the phpseclib regarding the initialization of the connection. I’m not fully sure but maybe versions of the SFTP protocol outside of 2 to 6 aren’t supported without providing a password. This is why I’m suggesting to try a different server or use username + password (which should bypass that check). Another option is that the SFTP server doesn’t announce the supported protocol version, which could confuse the library.

Hi,

the Nextcloud people seem to have solved this by adding a couple of checks to the filetype() function in SFTP.php. I tried it and it seems to work for me, the error is gone. Here’s what they do:

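public function filetype($path) {
    try {
        $stat = $this->getConnection()->stat($this->absPath($path));
        // stat() returns false on failure; check before indexing so PHP 7.4
        // does not log "Trying to access array offset on value of type bool"
        if (!is_array($stat) || !array_key_exists('type', $stat)) {
            return false;
        }
        if ((int) $stat['type'] === NET_SFTP_TYPE_REGULAR) {
            return 'file';
        }
        if ((int) $stat['type'] === NET_SFTP_TYPE_DIRECTORY) {
            return 'dir';
        }
    } catch (\Exception $e) {
        // connection or stat errors fall through to "return false" below
    }
    return false;
}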

However, I have another place where a very similar error pops up, this time only when accessing via a desktop app:

"app":"PHP","method":"PROPFIND","url":"/remote.php/dav/files/user/","message":"Trying to access array offset on value of type null at /owncloud/webapp/owncloud-10.13.4/apps/files_external/lib/Lib/RSAStore.php#107"

Unfortunately Nextcloud got rid of RSAStore.php :wink:
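
Added example, not part of the original posts and not ownCloud code: a small Python triage script that counts the "array offset" notices in owncloud.log per source location, so you can confirm a patch silenced SFTP.php#325/#331 and see which locations (such as RSAStore.php#107) still log. It assumes owncloud.log holds one JSON object per line with the `app`, `method` and `message` fields seen in the quoted entries; the sample lines are constructed.

```python
import json
import re
from collections import Counter

# The PHP 7.4 notice quoted in this thread: offending value type, then "<file>#<line>".
NOTICE = re.compile(
    r"Trying to access array offset on value of type (?P<type>\w+) "
    r"at (?P<file>\S+)#(?P<line>\d+)$"
)

def summarize_notices(lines):
    """Count notices per (file name, line, value type, HTTP method)."""
    counts, skipped = Counter(), 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1  # truncated or non-JSON line: keep scanning
            continue
        if not isinstance(entry, dict) or entry.get("app") != "PHP":
            continue
        m = NOTICE.search(str(entry.get("message", "")))
        if m:
            name = m.group("file").rsplit("/", 1)[-1]
            key = (name, int(m.group("line")), m.group("type"), entry.get("method"))
            counts[key] += 1
    return counts, skipped

# Constructed sample entries modelled on the log lines quoted in this thread.
_APP = "/owncloud/webapp/owncloud-10.13.4/apps/files_external/lib/Lib/"
_MSG = "Trying to access array offset on value of type "

def _entry(method, message, app="PHP"):
    return json.dumps({"user": "testuser", "app": app, "method": method, "message": message})

SAMPLE_LOG = [
    _entry("PUT", _MSG + "bool at " + _APP + "Storage/SFTP.php#325"),
    _entry("PUT", _MSG + "bool at " + _APP + "Storage/SFTP.php#325"),
    _entry("PUT", _MSG + "bool at " + _APP + "Storage/SFTP.php#331"),
    _entry("PROPFIND", _MSG + "null at " + _APP + "RSAStore.php#107"),
    _entry("GET", "Login successful", app="core"),
    '{"user":"testuser","app":"PHP","message":"Trying to acc',  # truncated line
]

if __name__ == "__main__":
    counts, skipped = summarize_notices(SAMPLE_LOG)
    for (name, line, vtype, method), n in counts.most_common():
        print(f"{n:4d}  {name}#{line}  type={vtype}  method={method}")
    print(f"skipped unparseable lines: {skipped}")
```

To run it against a real log, pass an open file handle for data/owncloud.log to `summarize_notices` instead of `SAMPLE_LOG`.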

Hey,

I’m not sure but I think this should be raised as a new issue for the ownCloud people (Issues · owncloud/core · GitHub) because I don’t think that the ownCloud community can provide support for issues like this showing up after an update.


I’ve just done that, thank you


Hey,

this is great. Here is a reference to the opened issue:
