Mirror of gocryptfs source code on Github http://nuetzlich.net/cgit/gocryptfs/atom?h=det 2017-05-25T12:21:55+00:00 2017-05-25T12:21:55+00:00 Jakob Unterwurzacher 2017-05-25T12:21:55+00:00 urn:sha1:9a3f9350fe29083de04bbbe71e20ea169b2e691e This should never happen in normal operation and is a sign of data corruption. Catch it early. 2017-05-23T19:26:38+00:00 Jakob Unterwurzacher 2017-05-23T18:46:24+00:00 urn:sha1:e827763f2e6226d9f5778d56c28270264950c0f5 This fixes a few issues I have found reviewing the code: 1) Limit the amount of data ReadLongName() will read. Previously, you could send gocryptfs into out-of-memory by symlinking gocryptfs.diriv to /dev/zero. 2) Handle the empty input case in unPad16() by returning an error. Previously, it would panic with an out-of-bounds array read. It is unclear to me if this could actually be triggered. 3) Reject empty names after base64-decoding in DecryptName(). An empty name crashes emeCipher.Decrypt(). It is unclear to me if B64.DecodeString() can actually return a non-error empty result, but let's guard against it anyway. 2017-05-22T20:36:54+00:00 Jakob Unterwurzacher 2017-05-22T20:26:59+00:00 urn:sha1:245b84c887955d12cd1113e9a6701ee7338c8255 When a user calls into a deep directory hierarchy, we often get a sequence like this from the kernel: LOOKUP a LOOKUP a/b LOOKUP a/b/c LOOKUP a/b/c/d The diriv cache was not effective for this pattern, because it was designed for this: LOOKUP a/a LOOKUP a/b LOOKUP a/c LOOKUP a/d By also using the cached entry of the grandparent we can avoid lots of diriv reads. This benchmark is against a large encrypted directory hosted on NFS: Before: $ time ls -R nfs-backed-mount > /dev/null real 1m35.976s user 0m0.248s sys 0m0.281s After: $ time ls -R nfs-backed-mount > /dev/null real 1m3.670s user 0m0.217s sys 0m0.403s 2017-05-07T18:58:27+00:00 Jakob Unterwurzacher 2017-05-07T18:58:27+00:00 urn:sha1:26881538e1753e613b4143b28fa339812a9a6d16 nametransform.DecryptName() now always returns syscall.EBADMSG if the name was invalid. fusefrontend.OpenDir error messages have been normalized. 2017-04-29T12:15:13+00:00 Jakob Unterwurzacher 2017-04-29T12:15:13+00:00 urn:sha1:7d38f80a78644c8ec4900cc990bfb894387112ed As reported at https://github.com/rfjakob/gocryptfs/issues/105 , the "ioutil.WriteFile(file, iv, 0400)" call causes "permissions denied" errors on an NFSv4 setup. "strace"ing diriv creation and gocryptfs.conf creation shows this: conf (works on the user's NFSv4 mount): openat(AT_FDCWD, "/tmp/a/gocryptfs.conf.tmp", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0400) = 3 diriv (fails): openat(AT_FDCWD, "/tmp/a/gocryptfs.diriv", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0400) = 3 This patch creates the diriv file with the same flags that are used for creating the conf: openat(AT_FDCWD, "/tmp/a/gocryptfs.diriv", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0400) = 3 Closes https://github.com/rfjakob/gocryptfs/issues/105 2017-03-05T21:59:25+00:00 Jakob Unterwurzacher 2017-03-05T21:59:25+00:00 urn:sha1:445b5019e3f5a74409ca66c166cc1c3ccdd3dce7 The symlink functions incorrectly hardcoded the padded base64 variant. 2017-03-05T21:25:41+00:00 Jakob Unterwurzacher 2017-03-05T21:25:41+00:00 urn:sha1:5b54577d2ec553055c06e05841f626c10368c6b6 HashLongName() incorrectly hardcoded the call to base64.URLEncoding. 2017-03-05T16:44:14+00:00 Jakob Unterwurzacher 2017-03-05T16:44:14+00:00 urn:sha1:966308eeb7793a4a8ca578e160981e3b059b82e6 Yields a nice reduction in code size. 2017-03-05T12:58:24+00:00 Jakob Unterwurzacher 2017-03-05T12:58:24+00:00 urn:sha1:e032539e2c09cd4d1f007d33d7ef97b0fec689ed Version 1.1 of the EME package (github.com/rfjakob/eme) added a more convenient interface. Use it. Note that you have to upgrade your EME package (go get -u)! 2016-12-10T10:54:36+00:00 Jakob Unterwurzacher 2016-12-10T10:50:16+00:00 urn:sha1:c9f4400e6dc71a36df5dc9725f52a8968f5f9803 We want all panics to show up in the syslog.