From e18c8f23df4af1c9d129dc124269646fcbddcf5e Mon Sep 17 00:00:00 2001
From: Andreas Fischer <bantu@owncloud.com>
Date: Sat, 12 Jul 2014 20:41:35 +0200
Subject: [PATCH] login() must be called after getServerPublicHostKey().

---
 apps/files_external/lib/sftp.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/files_external/lib/sftp.php b/apps/files_external/lib/sftp.php
index fc74d5b2a90..0cec250778f 100644
--- a/apps/files_external/lib/sftp.php
+++ b/apps/files_external/lib/sftp.php
@@ -54,12 +54,8 @@ class SFTP extends \OC\Files\Storage\Common {
 		$hostKeys = $this->readHostKeys();
 		$this->client = new \Net_SFTP($this->host);
 
-		if (!$this->client->login($this->user, $this->password)) {
-			throw new \Exception('Login failed');
-		}
-
+		// The SSH Host Key MUST be verified before login().
 		$currentHostKey = $this->client->getServerPublicHostKey();
-
 		if (array_key_exists($this->host, $hostKeys)) {
 			if ($hostKeys[$this->host] != $currentHostKey) {
 				throw new \Exception('Host public key does not match known key');
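Review bot: The result of `getServerPublicHostKey()` is used without a failure check, and the comparison on the `$hostKeys[$this->host] != $currentHostKey` line is loose. If the call can return `false` when the key cannot be obtained or verified (worth confirming for the bundled phpseclib version), a known host still fails closed, but the unknown-host branch in the second hunk would store that value as the trusted key and go on to `login()`. I would add `if ($currentHostKey === false) { throw new \Exception('Could not retrieve host key'); }` directly after the call and change the comparison to `!==`. The enclosing method starts above this hunk and continues in the next one.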
@@ -68,6 +64,10 @@ class SFTP extends \OC\Files\Storage\Common {
 			$hostKeys[$this->host] = $currentHostKey;
 			$this->writeHostKeys($hostKeys);
 		}
+
+		if (!$this->client->login($this->user, $this->password)) {
+			throw new \Exception('Login failed');
+		}
 	}
 
 	public function test() {
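Review bot: The unknown-host branch that ends just above the moved `login()` call stores whatever key the server presents and then sends the password in the same call, so the first connection to a host is still trust-on-first-use. That predates this commit, but since the ordering is now the point of the patch it deserves a comment at the `writeHostKeys()` call, e.g. `// First contact: the key is pinned without verification (TOFU); verify the fingerprint out of band.` Logging the host name and the newly pinned key there would let an administrator check it afterwards. The branch opens above this hunk, so how `writeHostKeys()` reports a failed write is not visible here.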
-- 
GitLab