diff options
| author | Jakob Unterwurzacher | 2017-05-25 14:21:55 +0200 | 
|---|---|---|
| committer | Jakob Unterwurzacher | 2017-05-25 14:21:55 +0200 | 
| commit | 9a3f9350fe29083de04bbbe71e20ea169b2e691e (patch) | |
| tree | 3e84be3140e76f0aaba6994deb25f1b68edca1ee /internal/nametransform | |
| parent | 2ce269ec63e0a9c87b2fce45a5bf0cf09abf5bba (diff) | |
nametransform: reject all-zero dirIV
This should never happen in normal operation and is a sign of
data corruption. Catch it early.
Diffstat (limited to 'internal/nametransform')
| -rw-r--r-- | internal/nametransform/diriv.go | 8 | 
1 files changed, 8 insertions, 0 deletions
| diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go index e74592a..902999b 100644 --- a/internal/nametransform/diriv.go +++ b/internal/nametransform/diriv.go @@ -1,6 +1,7 @@  package nametransform  import ( +	"bytes"  	"io"  	"os"  	"path/filepath" @@ -46,6 +47,9 @@ func ReadDirIVAt(dirfd *os.File) (iv []byte, err error) {  	return fdReadDirIV(fd)  } +// allZeroDirIV is preallocated to quickly check if the data read from disk is all zero +var allZeroDirIV = make([]byte, DirIVLen) +  // fdReadDirIV reads and verifies the DirIV from an opened gocryptfs.diriv file.  func fdReadDirIV(fd *os.File) (iv []byte, err error) {  	// We want to detect if the file is bigger than DirIVLen, so @@ -61,6 +65,10 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) {  		tlog.Warn.Printf("ReadDirIVAt: wanted %d bytes, got %d. Returning EINVAL.", DirIVLen, len(iv))  		return nil, syscall.EINVAL  	} +	if bytes.Equal(iv, allZeroDirIV) { +		tlog.Warn.Printf("ReadDirIVAt: diriv is all-zero. Returning EINVAL.") +		return nil, syscall.EINVAL +	}  	return iv, nil  } | 
