aboutsummaryrefslogtreecommitdiff
path: root/internal/nametransform/names.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2021-06-02 14:21:30 +0200
committerJakob Unterwurzacher2021-06-02 14:29:48 +0200
commit04858ddd222bbf7156f33f99cfb293a9b1e15ec8 (patch)
tree732cbf83c9d842a911d515abbad7c153c4159354 /internal/nametransform/names.go
parent242cdf966f262b2e20785eb0ff49ac55a8bd4636 (diff)
nametransform: check name validity on encryption
xfstests generic/523 discovered that we allowed to set xattrs with "/" in the name, but did not allow to read them later. With this change we do not allow to set them in the first place.
Diffstat (limited to 'internal/nametransform/names.go')
-rw-r--r--internal/nametransform/names.go27
1 files changed, 11 insertions, 16 deletions
diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go
index 119d592..ca28230 100644
--- a/internal/nametransform/names.go
+++ b/internal/nametransform/names.go
@@ -2,7 +2,6 @@
package nametransform
import (
- "bytes"
"crypto/aes"
"encoding/base64"
"path/filepath"
@@ -21,7 +20,7 @@ const (
// NameTransformer is an interface used to transform filenames.
type NameTransformer interface {
DecryptName(cipherName string, iv []byte) (string, error)
- EncryptName(plainName string, iv []byte) string
+ EncryptName(plainName string, iv []byte) (string, error)
EncryptAndHashName(name string, iv []byte) (string, error)
// HashLongName - take the hash of a long string "name" and return
// "gocryptfs.longname.[sha256]"
@@ -99,22 +98,14 @@ func (n *NameTransform) decryptName(cipherName string, iv []byte) (string, error
bin = n.emeCipher.Decrypt(iv, bin)
bin, err = unPad16(bin)
if err != nil {
- tlog.Debug.Printf("DecryptName: unPad16 error detail: %v", err)
- // unPad16 returns detailed errors including the position of the
- // incorrect bytes. Kill the padding oracle by lumping everything into
- // a generic error.
+ tlog.Warn.Printf("DecryptName %q: unPad16 error: %v", cipherName, err)
return "", syscall.EBADMSG
}
- // A name can never contain a null byte or "/". Make sure we never return those
- // to the kernel, even when we read a corrupted (or fuzzed) filesystem.
- if bytes.Contains(bin, []byte{0}) || bytes.Contains(bin, []byte("/")) {
- return "", syscall.EBADMSG
- }
- // The name should never be "." or "..".
- if bytes.Equal(bin, []byte(".")) || bytes.Equal(bin, []byte("..")) {
+ plain := string(bin)
+ if err := IsValidName(plain); err != nil {
+ tlog.Warn.Printf("DecryptName %q: invalid name after decryption: %v", cipherName, err)
return "", syscall.EBADMSG
}
- plain := string(bin)
return plain, err
}
@@ -123,12 +114,16 @@ func (n *NameTransform) decryptName(cipherName string, iv []byte) (string, error
//
// This function is exported because in some cases, fusefrontend needs access
// to the full (not hashed) name if longname is used.
-func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string) {
+func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string, err error) {
+ if err := IsValidName(plainName); err != nil {
+ tlog.Warn.Printf("EncryptName %q: invalid plainName: %v", plainName, err)
+ return "", syscall.EBADMSG
+ }
bin := []byte(plainName)
bin = pad16(bin)
bin = n.emeCipher.Encrypt(iv, bin)
cipherName64 = n.B64.EncodeToString(bin)
- return cipherName64
+ return cipherName64, nil
}
// B64EncodeToString returns a Base64-encoded string