diff options
author | Jakob Unterwurzacher | 2017-12-06 00:05:28 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2017-12-06 00:06:31 +0100 |
commit | a3bdc2bf2b7b7ed34e2d68fc698e1dd136f2e67a (patch) | |
tree | 1f651ae683806188716b9cf212edb66d5571bb41 | |
parent | 03bf604fc08abc9bb2d75bde21c96c9df4894a3b (diff) |
fusefrontend_reverse: secure GetAttr against symlink races
...by using the OpenNofollow helper & Fstatat.
Also introduce a helper to convert from unix.Stat_t to
syscall.Stat_t.
Tracking ticket: https://github.com/rfjakob/gocryptfs/issues/165
-rw-r--r-- | internal/fusefrontend_reverse/rfs.go | 19 | ||||
-rw-r--r-- | internal/syscallcompat/unix2syscall.go | 28 |
2 files changed, 38 insertions, 9 deletions
diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go index 0329cc9..0b9e34c 100644 --- a/internal/fusefrontend_reverse/rfs.go +++ b/internal/fusefrontend_reverse/rfs.go @@ -7,6 +7,8 @@ import ( "path/filepath" "syscall" + "golang.org/x/sys/unix" + "github.com/hanwen/go-fuse/fuse" "github.com/hanwen/go-fuse/fuse/nodefs" "github.com/hanwen/go-fuse/fuse/pathfs" @@ -150,15 +152,13 @@ func (rfs *ReverseFS) GetAttr(relPath string, context *fuse.Context) (*fuse.Attr if err != nil { return nil, fuse.ToStatus(err) } - absPath, _ := rfs.abs(pRelPath, nil) - // Stat the backing file - var st syscall.Stat_t - if relPath == "" { - // Look through symlinks for the root dir - err = syscall.Stat(absPath, &st) - } else { - err = syscall.Lstat(absPath, &st) + // Stat the backing file/dir using Fstatat + var st unix.Stat_t + dirFd, err := syscallcompat.OpenNofollow(rfs.args.Cipherdir, filepath.Dir(pRelPath), syscall.O_RDONLY|syscall.O_DIRECTORY, 0) + if err != nil { + return nil, fuse.ToStatus(err) } + err = syscallcompat.Fstatat(dirFd, filepath.Base(pRelPath), &st, unix.AT_SYMLINK_NOFOLLOW) if err != nil { return nil, fuse.ToStatus(err) } @@ -169,7 +169,8 @@ func (rfs *ReverseFS) GetAttr(relPath string, context *fuse.Context) (*fuse.Attr return nil, fuse.ToStatus(syscall.EOVERFLOW) } var a fuse.Attr - a.FromStat(&st) + st2 := syscallcompat.Unix2syscall(st) + a.FromStat(&st2) // Calculate encrypted file size if a.IsRegular() { a.Size = rfs.contentEnc.PlainSizeToCipherSize(a.Size) diff --git a/internal/syscallcompat/unix2syscall.go b/internal/syscallcompat/unix2syscall.go new file mode 100644 index 0000000..3162025 --- /dev/null +++ b/internal/syscallcompat/unix2syscall.go @@ -0,0 +1,28 @@ +package syscallcompat + +import ( + "syscall" + + "golang.org/x/sys/unix" +) + +// Unix2syscall converts a unix.Stat_t struct to a syscall.Stat_t struct. +// A direct cast does not work because the padding is named differently in +// unix.Stat_t for some reason ("X__unused" in syscall, "_" in unix). +func Unix2syscall(u unix.Stat_t) syscall.Stat_t { + return syscall.Stat_t{ + Dev: u.Dev, + Ino: u.Ino, + Nlink: u.Nlink, + Mode: u.Mode, + Uid: u.Uid, + Gid: u.Gid, + Rdev: u.Rdev, + Size: u.Size, + Blksize: u.Blksize, + Blocks: u.Blocks, + Atim: syscall.Timespec(u.Atim), + Mtim: syscall.Timespec(u.Mtim), + Ctim: syscall.Timespec(u.Ctim), + } +} |