Check for invalid length ($dataLength) in lib/Push.php #438

@therealbstern

Steps to reproduce

  1. Look at
    $dataLength = 245 - strlen(json_encode($data));
  2. Observe the check against $dataLength is always true when strlen(json_encode($data)) >= 245.
  3. Insert the below before line 268:
if ($dataLength <= 0) {
    throw new \InvalidArgumentException('Encoded JSON is too long');
}

and insert the following below the old line 269:

if ($data['subject'] === FALSE) {
    throw new \InvalidArgumentException("Couldn't truncate subject line");
}

Expected behaviour

Code shouldn't use substr with a negative length. Code should also check the return value of substr.

From https://www.php.net/manual/en/function.substr.php

If length is given and is negative, then that many characters will be omitted from the end of string (after the start position has been calculated when a start is negative). If start denotes the position of this truncation or beyond, FALSE will be returned.

Actual behaviour

Code doesn't check $dataLength or the return from substr.

Server configuration

Operating system: Any

Web server: Any

Database: Any

PHP version: 7, but the problem exists in 5 and possibly earlier.

Nextcloud version: 16.0.4 (but any version using this code)

Where did you install Nextcloud from: https://download.nextcloud.com/server/releases/nextcloud-16.0.4.tar.bz2

Signing status:
N/A

List of activated apps:

Notifications, others, not relevant to this

Nextcloud configuration:
Are you using an external user-backend, if yes which one:

Client configuration

Logs

Nextcloud log (data/owncloud.log)

Browser log

All N/A
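
Added example, not part of the original report and not Nextcloud's code: a self-contained PHP sketch of the two guards proposed above, applied to the same 245-byte arithmetic. The helper name `fitSubject()`, its parameters and the sample payloads are assumptions made for illustration; it also goes one step beyond the report by covering PHP 8.0 and later, where `substr()` returns an empty string in the cases where it used to return `false`.

```php
<?php
declare(strict_types=1);

// Hypothetical helper for illustration. 245 is the budget from the line quoted
// in the report; $data is the payload before the subject is added.
function fitSubject(array $data, string $subject, int $budget = 245): array
{
    $encoded = json_encode($data);
    if ($encoded === false) {
        throw new \InvalidArgumentException('Payload cannot be JSON-encoded');
    }

    // Bytes left for the subject. At zero or below, the other fields already
    // exhaust the budget, and a negative value handed to substr() would drop
    // characters from the END of the string instead of capping its length.
    $dataLength = $budget - strlen($encoded);
    if ($dataLength <= 0) {
        throw new \InvalidArgumentException('Encoded JSON is too long');
    }

    if (strlen($subject) > $dataLength) {
        $cut = substr($subject, 0, $dataLength);
        // substr() signals failure with false before PHP 8.0 and with ''
        // from 8.0 on, so a "=== false" test alone misses the newer case.
        if ($cut === false || $cut === '') {
            throw new \InvalidArgumentException("Couldn't truncate subject line");
        }
        $subject = $cut;
    }

    $data['subject'] = $subject;
    return $data;
}

// Constructed sample payloads (field names are made up for the demo).
$small = ['nid' => 42, 'app' => 'files', 'type' => 'share'];
$large = $small + ['id' => str_repeat('x', 300)];

// Fits: the long subject is cut down to the remaining budget.
echo json_encode(fitSubject($small, str_repeat('A long subject line. ', 20))), "\n";

// Does not fit: the fixed fields alone exceed 245 bytes, so the call is
// rejected before substr() ever sees a negative length.
try {
    fitSubject($large, 'Short subject');
} catch (\InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```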
