nametransform: check name validity on encryption

xfstests generic/523 discovered that we allowed to set xattrs with "/" in the name, but did not allow to read them later. With this change we do not allow to set them in the first place.
author: Jakob Unterwurzacher 2021-06-02 14:21:30 +0200
committer: Jakob Unterwurzacher 2021-06-02 14:29:48 +0200
commit: 04858ddd222bbf7156f33f99cfb293a9b1e15ec8 (patch)
tree: 732cbf83c9d842a911d515abbad7c153c4159354 /internal/nametransform/valid.go
parent: 242cdf966f262b2e20785eb0ff49ac55a8bd4636 (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/internal/nametransform/valid.go b/internal/nametransform/valid.go
new file mode 100644
index 0000000..b991074
--- /dev/null
+++ b/internal/nametransform/valid.go
@@ -0,0 +1,27 @@
+package nametransform
+
+import (
+	"fmt"
+	"strings"
+)
+
+// IsValidName checks if `name` is a valid name for a normal file
+// (does not contain null bytes or "/" etc...).
+func IsValidName(name string) error {
+	if name == "" {
+		return fmt.Errorf("empty input")
+	}
+	if len(name) > NameMax {
+		return fmt.Errorf("too long")
+	}
+	// A name can never contain a null byte or "/". Make sure we never return those
+	// to the kernel, even when we read a corrupted (or fuzzed) filesystem.
+	if strings.Contains(name, "\000") || strings.Contains(name, "/") {
+		return fmt.Errorf("contains forbidden bytes")
+	}
+	// The name should never be "." or "..".
+	if name == "." || name == ".." {
+		return fmt.Errorf(". and .. are forbidden names")
+	}
+	return nil
+}
author	Jakob Unterwurzacher	2021-06-02 14:21:30 +0200
committer	Jakob Unterwurzacher	2021-06-02 14:29:48 +0200
commit	04858ddd222bbf7156f33f99cfb293a9b1e15ec8 (patch)
tree	732cbf83c9d842a911d515abbad7c153c4159354 /internal/nametransform/valid.go
parent	242cdf966f262b2e20785eb0ff49ac55a8bd4636 (diff)