aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakob Unterwurzacher2018-01-17 21:36:38 +0100
committerJakob Unterwurzacher2018-01-17 21:36:38 +0100
commita2677bce2a632d80850fabb1e397558d8a07742b (patch)
tree95ddc90b50368abc610d37ca78a97827200977e7
parent959e1fc1e2f531480ad1353179fc94f56ff76dce (diff)
fusefrontend_reverse: use OpenNofollow in virtualFile.GetAttr
Makes it robust against symlink races. Final piece, closes https://github.com/rfjakob/gocryptfs/issues/165
-rw-r--r--internal/fusefrontend_reverse/reverse_longnames.go4
-rw-r--r--internal/fusefrontend_reverse/virtualfile.go37
2 files changed, 29 insertions, 12 deletions
diff --git a/internal/fusefrontend_reverse/reverse_longnames.go b/internal/fusefrontend_reverse/reverse_longnames.go
index 4ddff2b..5ea7c0a 100644
--- a/internal/fusefrontend_reverse/reverse_longnames.go
+++ b/internal/fusefrontend_reverse/reverse_longnames.go
@@ -113,6 +113,6 @@ func (rfs *ReverseFS) newNameFile(relPath string) (nodefs.File, fuse.Status) {
return nil, fuse.ToStatus(err)
}
content := []byte(rfs.nameTransform.EncryptName(pName, dirIV))
- parentFile := filepath.Join(rfs.args.Cipherdir, pDir, pName)
- return rfs.newVirtualFile(content, parentFile, inoBaseNameFile)
+ parentFile := filepath.Join(pDir, pName)
+ return rfs.newVirtualFile(content, rfs.args.Cipherdir, parentFile, inoBaseNameFile)
}
diff --git a/internal/fusefrontend_reverse/virtualfile.go b/internal/fusefrontend_reverse/virtualfile.go
index 2fae175..8509b87 100644
--- a/internal/fusefrontend_reverse/virtualfile.go
+++ b/internal/fusefrontend_reverse/virtualfile.go
@@ -2,13 +2,17 @@ package fusefrontend_reverse
import (
"log"
+ "path/filepath"
"syscall"
+ "golang.org/x/sys/unix"
+
"github.com/hanwen/go-fuse/fuse"
"github.com/hanwen/go-fuse/fuse/nodefs"
"github.com/rfjakob/gocryptfs/internal/nametransform"
"github.com/rfjakob/gocryptfs/internal/pathiv"
+ "github.com/rfjakob/gocryptfs/internal/syscallcompat"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
@@ -33,11 +37,12 @@ const (
func (rfs *ReverseFS) newDirIVFile(cRelPath string) (nodefs.File, fuse.Status) {
cDir := nametransform.Dir(cRelPath)
- absDir, err := rfs.abs(rfs.decryptPath(cDir))
+ dir, err := rfs.decryptPath(cDir)
if err != nil {
return nil, fuse.ToStatus(err)
}
- return rfs.newVirtualFile(pathiv.Derive(cDir, pathiv.PurposeDirIV), absDir, inoBaseDirIV)
+ iv := pathiv.Derive(cDir, pathiv.PurposeDirIV)
+ return rfs.newVirtualFile(iv, rfs.args.Cipherdir, dir, inoBaseDirIV)
}
type virtualFile struct {
@@ -45,7 +50,9 @@ type virtualFile struct {
nodefs.File
// file content
content []byte
- // absolute path to a parent file
+ // backing directory
+ cipherdir string
+ // path to a parent file (relative to cipherdir)
parentFile string
// inode number of a virtual file is inode of parent file plus inoBase
inoBase uint64
@@ -53,15 +60,17 @@ type virtualFile struct {
// newVirtualFile creates a new in-memory file that does not have a representation
// on disk. "content" is the file content. Timestamps and file owner are copied
-// from "parentFile" (absolute plaintext path). For a "gocryptfs.diriv" file, you
-// would use the parent directory as "parentFile".
-func (rfs *ReverseFS) newVirtualFile(content []byte, parentFile string, inoBase uint64) (nodefs.File, fuse.Status) {
+// from "parentFile" (plaintext path relative to "cipherdir").
+// For a "gocryptfs.diriv" file, you would use the parent directory as
+// "parentFile".
+func (rfs *ReverseFS) newVirtualFile(content []byte, cipherdir string, parentFile string, inoBase uint64) (nodefs.File, fuse.Status) {
if inoBase < inoBaseMin {
log.Panicf("BUG: virtual inode number base %d is below reserved space", inoBase)
}
return &virtualFile{
File: nodefs.NewDefaultFile(),
content: content,
+ cipherdir: cipherdir,
parentFile: parentFile,
inoBase: inoBase,
}, fuse.OK
@@ -81,10 +90,17 @@ func (f *virtualFile) Read(buf []byte, off int64) (resultData fuse.ReadResult, s
// GetAttr - FUSE call
func (f *virtualFile) GetAttr(a *fuse.Attr) fuse.Status {
- var st syscall.Stat_t
- err := syscall.Lstat(f.parentFile, &st)
+ dir := filepath.Dir(f.parentFile)
+ dirfd, err := syscallcompat.OpenNofollow(f.cipherdir, dir, syscall.O_RDONLY|syscall.O_DIRECTORY, 0)
+ if err != nil {
+ return fuse.ToStatus(err)
+ }
+ defer syscall.Close(dirfd)
+ name := filepath.Base(f.parentFile)
+ var st unix.Stat_t
+ err = syscallcompat.Fstatat(dirfd, name, &st, unix.AT_SYMLINK_NOFOLLOW)
if err != nil {
- tlog.Debug.Printf("GetAttr: Lstat %q: %v\n", f.parentFile, err)
+ tlog.Debug.Printf("GetAttr: Fstatat %q: %v\n", f.parentFile, err)
return fuse.ToStatus(err)
}
if st.Ino > inoBaseMin {
@@ -96,6 +112,7 @@ func (f *virtualFile) GetAttr(a *fuse.Attr) fuse.Status {
st.Size = int64(len(f.content))
st.Mode = virtualFileMode
st.Nlink = 1
- a.FromStat(&st)
+ st2 := syscallcompat.Unix2syscall(st)
+ a.FromStat(&st2)
return fuse.OK
}