diff options
author | Jakob Unterwurzacher | 2021-06-02 14:21:30 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2021-06-02 14:29:48 +0200 |
commit | 04858ddd222bbf7156f33f99cfb293a9b1e15ec8 (patch) | |
tree | 732cbf83c9d842a911d515abbad7c153c4159354 /internal/fusefrontend_reverse | |
parent | 242cdf966f262b2e20785eb0ff49ac55a8bd4636 (diff) |
nametransform: check name validity on encryption
xfstests generic/523 discovered that we allowed to set
xattrs with "/" in the name, but did not allow to read
them later.
With this change we do not allow to set them in the first
place.
Diffstat (limited to 'internal/fusefrontend_reverse')
-rw-r--r-- | internal/fusefrontend_reverse/ctlsock_interface.go | 5 | ||||
-rw-r--r-- | internal/fusefrontend_reverse/node_dir_ops.go | 6 | ||||
-rw-r--r-- | internal/fusefrontend_reverse/root_node.go | 7 |
3 files changed, 14 insertions, 4 deletions
diff --git a/internal/fusefrontend_reverse/ctlsock_interface.go b/internal/fusefrontend_reverse/ctlsock_interface.go index 6bf2e6a..2157044 100644 --- a/internal/fusefrontend_reverse/ctlsock_interface.go +++ b/internal/fusefrontend_reverse/ctlsock_interface.go @@ -23,7 +23,10 @@ func (rn *RootNode) EncryptPath(plainPath string) (string, error) { parts := strings.Split(plainPath, "/") for _, part := range parts { dirIV := pathiv.Derive(cipherPath, pathiv.PurposeDirIV) - encryptedPart := rn.nameTransform.EncryptName(part, dirIV) + encryptedPart, err := rn.nameTransform.EncryptName(part, dirIV) + if err != nil { + return "", err + } if rn.args.LongNames && len(encryptedPart) > unix.NAME_MAX { encryptedPart = rn.nameTransform.HashLongName(encryptedPart) } diff --git a/internal/fusefrontend_reverse/node_dir_ops.go b/internal/fusefrontend_reverse/node_dir_ops.go index 22f8122..c287284 100644 --- a/internal/fusefrontend_reverse/node_dir_ops.go +++ b/internal/fusefrontend_reverse/node_dir_ops.go @@ -64,7 +64,11 @@ func (n *Node) Readdir(ctx context.Context) (stream fs.DirStream, errno syscall. !rn.args.ConfigCustom { cName = configfile.ConfDefaultName } else { - cName = rn.nameTransform.EncryptName(entries[i].Name, dirIV) + cName, err = rn.nameTransform.EncryptName(entries[i].Name, dirIV) + if err != nil { + entries[i].Name = "___GOCRYPTFS_INVALID_NAME___" + continue + } if len(cName) > unix.NAME_MAX { cName = rn.nameTransform.HashLongName(cName) dotNameFile := fuse.DirEntry{ diff --git a/internal/fusefrontend_reverse/root_node.go b/internal/fusefrontend_reverse/root_node.go index b7a259a..10b0d69 100644 --- a/internal/fusefrontend_reverse/root_node.go +++ b/internal/fusefrontend_reverse/root_node.go @@ -71,9 +71,12 @@ func (rn *RootNode) findLongnameParent(fd int, diriv []byte, longname string) (p if len(entry.Name) <= shortNameMax { continue } - cFullName = rn.nameTransform.EncryptName(entry.Name, diriv) + cFullName, err = rn.nameTransform.EncryptName(entry.Name, diriv) + if err != nil { + continue + } if len(cFullName) <= unix.NAME_MAX { - // Entry should have been skipped by the "continue" above + // Entry should have been skipped by the shortNameMax check above log.Panic("logic error or wrong shortNameMax constant?") } hName := rn.nameTransform.HashLongName(cFullName) |