diff options
| author | Jakob Unterwurzacher | 2018-10-01 21:28:54 +0200 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2019-01-01 16:24:09 +0100 |
| commit | c09bf1f2284706232642431c75fa1f3d8500a9d0 (patch) | |
| tree | 80aa369bc7139cec50865a108d092e413243636d /internal/fusefrontend/ctlsock_interface.go | |
| parent | ed6ed513d7f06178c0de02e8a372c33fe8f842f1 (diff) | |
fusefrontend: make DecryptPath() symlink-safe
DecryptPath is now symlink-safe through the use of *at()
functions.
Diffstat (limited to 'internal/fusefrontend/ctlsock_interface.go')
| -rw-r--r-- | internal/fusefrontend/ctlsock_interface.go | 39 |
1 files changed, 32 insertions, 7 deletions
diff --git a/internal/fusefrontend/ctlsock_interface.go b/internal/fusefrontend/ctlsock_interface.go index 964775b..730ed58 100644 --- a/internal/fusefrontend/ctlsock_interface.go +++ b/internal/fusefrontend/ctlsock_interface.go @@ -4,9 +4,11 @@ import ( "fmt" "path" "strings" + "syscall" "github.com/rfjakob/gocryptfs/internal/ctlsock" "github.com/rfjakob/gocryptfs/internal/nametransform" + "github.com/rfjakob/gocryptfs/internal/syscallcompat" ) var _ ctlsock.Interface = &FS{} // Verify that interface is implemented. @@ -17,22 +19,31 @@ func (fs *FS) EncryptPath(plainPath string) (string, error) { } // DecryptPath implements ctlsock.Backend -func (fs *FS) DecryptPath(cipherPath string) (string, error) { +func (fs *FS) DecryptPath(cipherPath string) (plainPath string, err error) { + dirfd, err := syscall.Open(fs.args.Cipherdir, syscall.O_RDONLY, 0) + if err != nil { + return "", err + } + defer syscall.Close(dirfd) + return fs.decryptPathAt(dirfd, cipherPath) +} + +// decryptPathAt decrypts a ciphertext path relative to dirfd. +func (fs *FS) decryptPathAt(dirfd int, cipherPath string) (plainPath string, err error) { if fs.args.PlaintextNames || cipherPath == "" { return cipherPath, nil } - plainPath := "" parts := strings.Split(cipherPath, "/") - wd := fs.args.Cipherdir - for _, part := range parts { - dirIV, err := nametransform.ReadDirIV(wd) + wd := dirfd + for i, part := range parts { + dirIV, err := nametransform.ReadDirIVAt(wd) if err != nil { fmt.Printf("ReadDirIV: %v\n", err) return "", err } longPart := part if nametransform.IsLongContent(part) { - longPart, err = nametransform.ReadLongName(wd + "/" + part) + longPart, err = nametransform.ReadLongNameAt(wd, part) if err != nil { fmt.Printf("ReadLongName: %v\n", err) return "", err @@ -44,7 +55,21 @@ func (fs *FS) DecryptPath(cipherPath string) (string, error) { return "", err } plainPath = path.Join(plainPath, name) - wd = path.Join(wd, part) + // Last path component? We are done. + if i == len(parts)-1 { + break + } + // Descend into next directory + oldWd := wd + wd, err = syscallcompat.Openat(wd, part, syscall.O_NOFOLLOW, 0) + if err != nil { + return "", err + } + // Unless we are in the first iteration, where dirfd is our wd, close + // the old working directory. + if i > 0 { + syscall.Close(oldWd) + } } return plainPath, nil } |