fusefrontend_reverse: use OpenNofollow in findLongnameParent

Protects findLongnameParent against symlink races. Also add comments to several functions along the way. Reported at https://github.com/rfjakob/gocryptfs/issues/165
author: Jakob Unterwurzacher 2018-01-17 20:52:52 +0100
committer: Jakob Unterwurzacher 2018-01-17 20:54:05 +0100
commit: 959e1fc1e2f531480ad1353179fc94f56ff76dce (patch)
tree: 42f4646f9b3f1a30414451a8942aeda5547bd0f8 /internal/fusefrontend_reverse/rpath.go
parent: 8951eb2472d6af50554806df2ffd655f53da8bfe (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/internal/fusefrontend_reverse/rpath.go b/internal/fusefrontend_reverse/rpath.go
index 2dc76e1..b783686 100644
--- a/internal/fusefrontend_reverse/rpath.go
+++ b/internal/fusefrontend_reverse/rpath.go
@@ -24,6 +24,9 @@ func (rfs *ReverseFS) abs(relPath string, err error) (string, error) {
 	return filepath.Join(rfs.args.Cipherdir, relPath), nil
 }
 
+// rDecryptName decrypts the ciphertext name "cName", given the dirIV of the
+// directory "cName" lies in. The relative plaintext path to the directory
+// "pDir" is used if a "gocryptfs.longname.XYZ.name" must be resolved.
 func (rfs *ReverseFS) rDecryptName(cName string, dirIV []byte, pDir string) (pName string, err error) {
 	nameType := nametransform.NameType(cName)
 	if nameType == nametransform.LongNameNone {
@@ -58,6 +61,8 @@ func (rfs *ReverseFS) rDecryptName(cName string, dirIV []byte, pDir string) (pNa
 	return pName, nil
 }
 
+// decryptPath decrypts a relative ciphertext path to a relative plaintext
+// path.
 func (rfs *ReverseFS) decryptPath(relPath string) (string, error) {
 	if rfs.args.PlaintextNames || relPath == "" {
 		return relPath, nil
author	Jakob Unterwurzacher	2018-01-17 20:52:52 +0100
committer	Jakob Unterwurzacher	2018-01-17 20:54:05 +0100
commit	959e1fc1e2f531480ad1353179fc94f56ff76dce (patch)
tree	42f4646f9b3f1a30414451a8942aeda5547bd0f8 /internal/fusefrontend_reverse/rpath.go
parent	8951eb2472d6af50554806df2ffd655f53da8bfe (diff)