From 5a61a794d4aefaab05a273a12b509a1585a679d0 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Tue, 9 May 2017 13:00:07 +0200
Subject: [PATCH] Do not write and read rootcerts.crt at the same time

(Possibly) fixes #3470

When updating the main file /files_external/rootcerts.crt we should not
read from /files_external/rootcerts.crt at the same time.

For 2 reasons: first, writing to a file and reading from it at the same time
can have non-deterministic results.

Second, we don't want all the certificates to appear 2 times in there.

This isn't caught by our standard file locking (that does not allow this
actually) because it is in a non locked path....

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 lib/private/Security/CertificateManager.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php
index 461ef9457a7..4419b56012f 100644
--- a/lib/private/Security/CertificateManager.php
+++ b/lib/private/Security/CertificateManager.php
@@ -119,7 +119,8 @@ class CertificateManager implements ICertificateManager {
 			return;
 		}
 
-		$fhCerts = $this->view->fopen($path . '/rootcerts.crt', 'w');
+		$certPath = $path . 'rootcerts.crt';
+		$fhCerts = $this->view->fopen($certPath, 'w');
 
 		// Write user certificates
 		foreach ($certs as $cert) {
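Review bot: The new `$certPath` drops the `/` separator that the removed line had before `rootcerts.crt`, so the file that gets truncated and rewritten now depends on `$path` already ending in a slash, and where `$path` is built is not visible in this hunk. The `!==` guard in the second hunk is a plain string comparison, so it only fires if this string is byte-identical to what `getCertificateBundle(null)` returns. The commit message does not mention the path change, so I would record the coupling next to the assignment, e.g. `// $path ends with '/'; must stay identical to the value getCertificateBundle() returns`. The return value of `fopen()` is also still used without a check in the loop that follows. The enclosing method starts and ends outside the hunk.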
@@ -136,7 +137,7 @@ class CertificateManager implements ICertificateManager {
 
 		// Append the system certificate bundle
 		$systemBundle = $this->getCertificateBundle(null);
-		if ($this->view->file_exists($systemBundle)) {
+		if ($systemBundle !== $certPath && $this->view->file_exists($systemBundle)) {
 			$systemCertificates = $this->view->file_get_contents($systemBundle);
 			fwrite($fhCerts, $systemCertificates);
 		}
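Review bot: The result of `file_get_contents($systemBundle)` is passed straight to `fwrite()`, so a failed read would leave a trust bundle containing only the user certificates, with nothing logged. The target was already truncated by the `fopen(..., 'w')` in the first hunk, so there is no previous copy to fall back on. Assuming the view returns `false` on failure, guard the write with `if ($systemCertificates !== false) { fwrite($fhCerts, $systemCertificates); }` and log the other case. Since the commit message notes this path is outside the normal file locking, building the bundle under a temporary name and renaming it over `rootcerts.crt` would also keep TLS clients from reading a half-written file. The handle is closed outside this hunk.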
-- 
GitLab