fusefrontend: readFileID: reject files that consist only of a header

A header-only file will be considered empty (this is not supposed to happen). This makes File ID poisoning more difficult.
author: Jakob Unterwurzacher 2017-03-12 21:11:02 +0100
committer: Jakob Unterwurzacher 2017-03-12 21:11:02 +0100
commit: 14038a1644f17f50b113a05d09a2a0a3b3e973b2 (patch)
tree: 41a0ac555231b210fc9b89a5d055cf2158fc6f65
parent: d36d53c9bbf1b1f1c34578d443770672528e4466 (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/internal/fusefrontend/file.go b/internal/fusefrontend/file.go
index 5fe866b..dac7510 100644
--- a/internal/fusefrontend/file.go
+++ b/internal/fusefrontend/file.go
@@ -91,11 +91,20 @@ func (f *file) SetInode(n *nodefs.Inode) {
 // readFileID loads the file header from disk and extracts the file ID.
 // Returns io.EOF if the file is empty.
 func (f *file) readFileID() ([]byte, error) {
-	buf := make([]byte, contentenc.HeaderLen)
-	_, err := f.fd.ReadAt(buf, 0)
+	// We read +1 byte to determine if the file has actual content
+	// and not only the header. A header-only file will be considered empty.
+	// This makes File ID poisoning more difficult.
+	readLen := contentenc.HeaderLen + 1
+	buf := make([]byte, readLen)
+	n, err := f.fd.ReadAt(buf, 0)
 	if err != nil {
+		if err == io.EOF && n != 0 {
+			tlog.Warn.Printf("ino%d: readFileID: incomplete file, got %d instead of %d bytes",
+				f.devIno.ino, n, readLen)
+		}
 		return nil, err
 	}
+	buf = buf[:contentenc.HeaderLen]
 	h, err := contentenc.ParseHeader(buf)
 	if err != nil {
 		return nil, err
author	Jakob Unterwurzacher	2017-03-12 21:11:02 +0100
committer	Jakob Unterwurzacher	2017-03-12 21:11:02 +0100
commit	14038a1644f17f50b113a05d09a2a0a3b3e973b2 (patch)
tree	41a0ac555231b210fc9b89a5d055cf2158fc6f65
parent	d36d53c9bbf1b1f1c34578d443770672528e4466 (diff)