reverse: reject too-long symlink target reads with ENAMETOOLONG

If the symlink target gets too long due to base64 encoding, we should return ENAMETOOLONG instead of having the kernel reject the data and returning an I/O error to the user. Fixes https://github.com/rfjakob/gocryptfs/issues/167
author: Jakob Unterwurzacher 2017-11-26 21:27:29 +0100
committer: Jakob Unterwurzacher 2017-11-26 21:37:12 +0100
commit: 1bb47b6796c7a2cfb64e6cdff37c43c03c473a81 (patch)
tree: b223c301a1b95506f20f876b13b2145d7a0f113b /internal
parent: 90687215a42b2e074f3b5a85cf344ca998fa34ac (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index 53e6d22..8afc270 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -319,5 +319,11 @@ func (rfs *ReverseFS) Readlink(cipherPath string, context *fuse.Context) (string
 	// Symlinks are encrypted like file contents and base64-encoded
 	cBinTarget := rfs.contentEnc.EncryptBlockNonce([]byte(plainTarget), 0, nil, nonce)
 	cTarget := rfs.nameTransform.B64.EncodeToString(cBinTarget)
+	// The kernel will reject a symlink target above 4096 chars and return
+	// and I/O error to the user. Better emit the proper error ourselves.
+	const PATH_MAX = 4096 // not defined on Darwin
+	if len(cTarget) > PATH_MAX {
+		return "", fuse.Status(syscall.ENAMETOOLONG)
+	}
 	return cTarget, fuse.OK
 }
author	Jakob Unterwurzacher	2017-11-26 21:27:29 +0100
committer	Jakob Unterwurzacher	2017-11-26 21:37:12 +0100
commit	1bb47b6796c7a2cfb64e6cdff37c43c03c473a81 (patch)
tree	b223c301a1b95506f20f876b13b2145d7a0f113b /internal
parent	90687215a42b2e074f3b5a85cf344ca998fa34ac (diff)