aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakob Unterwurzacher2017-12-06 00:05:28 +0100
committerJakob Unterwurzacher2017-12-06 00:06:31 +0100
commita3bdc2bf2b7b7ed34e2d68fc698e1dd136f2e67a (patch)
tree1f651ae683806188716b9cf212edb66d5571bb41
parent03bf604fc08abc9bb2d75bde21c96c9df4894a3b (diff)
fusefrontend_reverse: secure GetAttr against symlink races
...by using the OpenNofollow helper & Fstatat. Also introduce a helper to convert from unix.Stat_t to syscall.Stat_t. Tracking ticket: https://github.com/rfjakob/gocryptfs/issues/165
-rw-r--r--internal/fusefrontend_reverse/rfs.go19
-rw-r--r--internal/syscallcompat/unix2syscall.go28
2 files changed, 38 insertions, 9 deletions
diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index 0329cc9..0b9e34c 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -7,6 +7,8 @@ import (
"path/filepath"
"syscall"
+ "golang.org/x/sys/unix"
+
"github.com/hanwen/go-fuse/fuse"
"github.com/hanwen/go-fuse/fuse/nodefs"
"github.com/hanwen/go-fuse/fuse/pathfs"
@@ -150,15 +152,13 @@ func (rfs *ReverseFS) GetAttr(relPath string, context *fuse.Context) (*fuse.Attr
if err != nil {
return nil, fuse.ToStatus(err)
}
- absPath, _ := rfs.abs(pRelPath, nil)
- // Stat the backing file
- var st syscall.Stat_t
- if relPath == "" {
- // Look through symlinks for the root dir
- err = syscall.Stat(absPath, &st)
- } else {
- err = syscall.Lstat(absPath, &st)
+ // Stat the backing file/dir using Fstatat
+ var st unix.Stat_t
+ dirFd, err := syscallcompat.OpenNofollow(rfs.args.Cipherdir, filepath.Dir(pRelPath), syscall.O_RDONLY|syscall.O_DIRECTORY, 0)
+ if err != nil {
+ return nil, fuse.ToStatus(err)
}
+ err = syscallcompat.Fstatat(dirFd, filepath.Base(pRelPath), &st, unix.AT_SYMLINK_NOFOLLOW)
if err != nil {
return nil, fuse.ToStatus(err)
}
@@ -169,7 +169,8 @@ func (rfs *ReverseFS) GetAttr(relPath string, context *fuse.Context) (*fuse.Attr
return nil, fuse.ToStatus(syscall.EOVERFLOW)
}
var a fuse.Attr
- a.FromStat(&st)
+ st2 := syscallcompat.Unix2syscall(st)
+ a.FromStat(&st2)
// Calculate encrypted file size
if a.IsRegular() {
a.Size = rfs.contentEnc.PlainSizeToCipherSize(a.Size)
diff --git a/internal/syscallcompat/unix2syscall.go b/internal/syscallcompat/unix2syscall.go
new file mode 100644
index 0000000..3162025
--- /dev/null
+++ b/internal/syscallcompat/unix2syscall.go
@@ -0,0 +1,28 @@
+package syscallcompat
+
+import (
+ "syscall"
+
+ "golang.org/x/sys/unix"
+)
+
+// Unix2syscall converts a unix.Stat_t struct to a syscall.Stat_t struct.
+// A direct cast does not work because the padding is named differently in
+// unix.Stat_t for some reason ("X__unused" in syscall, "_" in unix).
+func Unix2syscall(u unix.Stat_t) syscall.Stat_t {
+ return syscall.Stat_t{
+ Dev: u.Dev,
+ Ino: u.Ino,
+ Nlink: u.Nlink,
+ Mode: u.Mode,
+ Uid: u.Uid,
+ Gid: u.Gid,
+ Rdev: u.Rdev,
+ Size: u.Size,
+ Blksize: u.Blksize,
+ Blocks: u.Blocks,
+ Atim: syscall.Timespec(u.Atim),
+ Mtim: syscall.Timespec(u.Mtim),
+ Ctim: syscall.Timespec(u.Ctim),
+ }
+}