authorJakob Unterwurzacher2017-10-31 19:44:54 +0100
committerJakob Unterwurzacher2017-10-31 19:48:01 +0100
commita1a98abfbb1fe3bd235ca1a7e275f84d41afa417 (patch)
tree21c0f80984b5fd68eacd9b20adad84dc5e2d52c8
parent34547a6c390bfadf2342df1676f6e5ddfa4876af (diff)
main: disallow recursively encrypting ourselves
From https://github.com/rfjakob/gocryptfs/issues/150:

  mkdir a
  mkdir a/b
  gocryptfs -init -reverse a/
  gocryptfs -reverse a/ a/b

Now directory a/b/ contains the encrypted view of 'a', but it is possible to descend into the encrypted version of b (e.g. a/b/43873uhj538765387/), which contains a double-encrypted 'a', and so on.

Reported-by: https://github.com/tigmac
-rw-r--r--mount.go7
1 files changed, 7 insertions, 0 deletions
diff --git a/mount.go b/mount.go
index 4f57381..007cc46 100644
--- a/mount.go
+++ b/mount.go
@@ -47,6 +47,13 @@ func doMount(args *argContainer) int {
args.mountpoint, args.cipherdir)
os.Exit(exitcodes.MountPoint)
}
+ // Reverse-mounting "/foo" at "/foo/mnt" means we would be recursively
+ // encrypting ourselves.
+ if strings.HasPrefix(args.mountpoint, args.cipherdir+"/") {
+ tlog.Fatal.Printf("Mountpoint %q is contained in cipherdir %q, this is not supported",
+ args.mountpoint, args.cipherdir)
+ os.Exit(exitcodes.MountPoint)
+ }
if args.nonempty {
err = checkDir(args.mountpoint)
} else {
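Review bot: The containment test in the added `strings.HasPrefix(args.mountpoint, args.cipherdir+"/")` line is purely lexical, so it only holds if both paths are already absolute, cleaned and symlink-resolved. doMount starts and ends outside this hunk, so that normalisation may happen earlier, but it is not visible here; without it, a mountpoint that reaches cipherdir through a symlink or a `..` segment would presumably pass the check. A cipherdir of `/` also slips through, because the prefix becomes `//`. Consider resolving both paths with `filepath.EvalSymlinks` and comparing with `rel, err := filepath.Rel(args.cipherdir, args.mountpoint)`, rejecting when `rel` neither equals `..` nor begins with `../`. The comment speaks of reverse mounts, yet the condition does not test a reverse flag in the visible lines; a short comment saying whether forward mounts are meant to be rejected as well would help.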