summaryrefslogtreecommitdiff
path: root/internal/fusefrontend
diff options
context:
space:
mode:
authorJakob Unterwurzacher2017-05-23 20:46:24 +0200
committerJakob Unterwurzacher2017-05-23 21:26:38 +0200
commite827763f2e6226d9f5778d56c28270264950c0f5 (patch)
tree2f5f4adeed482dd473cc4714b97a8903806fdbb3 /internal/fusefrontend
parent508fd9e1d64131958c86175cb8d848f730e629cf (diff)
nametransform: harden name decryption against invalid input
This fixes a few issues I have found reviewing the code: 1) Limit the amount of data ReadLongName() will read. Previously, you could send gocryptfs into out-of-memory by symlinking gocryptfs.diriv to /dev/zero. 2) Handle the empty input case in unPad16() by returning an error. Previously, it would panic with an out-of-bounds array read. It is unclear to me if this could actually be triggered. 3) Reject empty names after base64-decoding in DecryptName(). An empty name crashes emeCipher.Decrypt(). It is unclear to me if B64.DecodeString() can actually return a non-error empty result, but let's guard against it anyway.
Diffstat (limited to 'internal/fusefrontend')
-rw-r--r--internal/fusefrontend/fs_dir.go11
1 files changed, 4 insertions, 7 deletions
diff --git a/internal/fusefrontend/fs_dir.go b/internal/fusefrontend/fs_dir.go
index 7d1e3ef..30e715a 100644
--- a/internal/fusefrontend/fs_dir.go
+++ b/internal/fusefrontend/fs_dir.go
@@ -273,16 +273,14 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
// silently ignore "gocryptfs.conf" in the top level dir
continue
}
- if !fs.args.PlaintextNames && cName == nametransform.DirIVFilename {
- // silently ignore "gocryptfs.diriv" everywhere if dirIV is enabled
- continue
- }
-
if fs.args.PlaintextNames {
plain = append(plain, cipherEntries[i])
continue
}
-
+ if cName == nametransform.DirIVFilename {
+ // silently ignore "gocryptfs.diriv" everywhere if dirIV is enabled
+ continue
+ }
// Handle long file name
isLong := nametransform.LongNameNone
if fs.args.LongNames {
@@ -301,7 +299,6 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
// ignore "gocryptfs.longname.*.name"
continue
}
-
name, err := fs.nameTransform.DecryptName(cName, cachedIV)
if err != nil {
tlog.Warn.Printf("OpenDir %q: invalid entry %q: %v",