nametransform: Return error if decrypted name is '.' or '..'

author: Sebastian Lackner 2017-11-22 06:11:19 +0100
committer: rfjakob 2017-11-22 23:42:08 +0100
commit: c547673529cb4934ab885081f5682e85aa994f79 (patch)
tree: e3ebf3f871bae7829ea4b8377a3ca33eb648afe2
parent: f3c777d5eaa682d878c638192311e52f9c204294 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go
index 94fa453..65e6f06 100644
--- a/internal/nametransform/names.go
+++ b/internal/nametransform/names.go
@@ -65,6 +65,10 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
 	if bytes.Contains(bin, []byte{0}) || bytes.Contains(bin, []byte("/")) {
 		return "", syscall.EBADMSG
 	}
+	// The name should never be "." or "..".
+	if bytes.Equal(bin, []byte(".")) || bytes.Equal(bin, []byte("..")) {
+		return "", syscall.EBADMSG
+	}
 	plain := string(bin)
 	return plain, err
 }
author	Sebastian Lackner	2017-11-22 06:11:19 +0100
committer	rfjakob	2017-11-22 23:42:08 +0100
commit	c547673529cb4934ab885081f5682e85aa994f79 (patch)
tree	e3ebf3f871bae7829ea4b8377a3ca33eb648afe2
parent	f3c777d5eaa682d878c638192311e52f9c204294 (diff)