main: disallow recursively encrypting ourselves

From https://github.com/rfjakob/gocryptfs/issues/150: mkdir a mkdir a/b gocryptsfs -init -reverse a/ gocryptfs -reverse a/ a/b Now directory a/b/ contains encrypted view of 'a' but it is possible to descend into encrypted version of b (e.g. a/b/43873uhj538765387/) which contains double encrypted 'a' and so on. Reported-by: https://github.com/tigmac
author: Jakob Unterwurzacher 2017-10-31 19:44:54 +0100
committer: Jakob Unterwurzacher 2017-10-31 19:48:01 +0100
commit: a1a98abfbb1fe3bd235ca1a7e275f84d41afa417 (patch)
tree: 21c0f80984b5fd68eacd9b20adad84dc5e2d52c8
parent: 34547a6c390bfadf2342df1676f6e5ddfa4876af (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/mount.go b/mount.go
index 4f57381..007cc46 100644
--- a/mount.go
+++ b/mount.go
@@ -47,6 +47,13 @@ func doMount(args *argContainer) int {
 			args.mountpoint, args.cipherdir)
 		os.Exit(exitcodes.MountPoint)
 	}
+	// Reverse-mounting "/foo" at "/foo/mnt" means we would be recursively
+	// encrypting ourselves.
+	if strings.HasPrefix(args.mountpoint, args.cipherdir+"/") {
+		tlog.Fatal.Printf("Mountpoint %q is contained in cipherdir %q, this is not supported",
+			args.mountpoint, args.cipherdir)
+		os.Exit(exitcodes.MountPoint)
+	}
 	if args.nonempty {
 		err = checkDir(args.mountpoint)
 	} else {
author	Jakob Unterwurzacher	2017-10-31 19:44:54 +0100
committer	Jakob Unterwurzacher	2017-10-31 19:48:01 +0100
commit	a1a98abfbb1fe3bd235ca1a7e275f84d41afa417 (patch)
tree	21c0f80984b5fd68eacd9b20adad84dc5e2d52c8
parent	34547a6c390bfadf2342df1676f6e5ddfa4876af (diff)