diff options
author | Jakob Unterwurzacher | 2017-11-26 21:27:29 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2017-11-26 21:37:12 +0100 |
commit | 1bb47b6796c7a2cfb64e6cdff37c43c03c473a81 (patch) | |
tree | b223c301a1b95506f20f876b13b2145d7a0f113b /internal | |
parent | 90687215a42b2e074f3b5a85cf344ca998fa34ac (diff) |
reverse: reject too-long symlink target reads with ENAMETOOLONG
If the symlink target gets too long due to base64 encoding, we should
return ENAMETOOLONG instead of having the kernel reject the data and
returning an I/O error to the user.
Fixes https://github.com/rfjakob/gocryptfs/issues/167
Diffstat (limited to 'internal')
-rw-r--r-- | internal/fusefrontend_reverse/rfs.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go index 53e6d22..8afc270 100644 --- a/internal/fusefrontend_reverse/rfs.go +++ b/internal/fusefrontend_reverse/rfs.go @@ -319,5 +319,11 @@ func (rfs *ReverseFS) Readlink(cipherPath string, context *fuse.Context) (string // Symlinks are encrypted like file contents and base64-encoded cBinTarget := rfs.contentEnc.EncryptBlockNonce([]byte(plainTarget), 0, nil, nonce) cTarget := rfs.nameTransform.B64.EncodeToString(cBinTarget) + // The kernel will reject a symlink target above 4096 chars and return + // and I/O error to the user. Better emit the proper error ourselves. + const PATH_MAX = 4096 // not defined on Darwin + if len(cTarget) > PATH_MAX { + return "", fuse.Status(syscall.ENAMETOOLONG) + } return cTarget, fuse.OK } |