diff options
| author | Sebastian Lackner | 2017-11-24 00:44:06 +0100 |
|---|---|---|
| committer | rfjakob | 2017-11-25 16:20:48 +0100 |
| commit | 90687215a42b2e074f3b5a85cf344ca998fa34ac (patch) | |
| tree | 6d428b3ae7df96b415e7733ad4d1f2ae93f98ea8 /tests/reverse | |
| parent | 95870e841e395607a7df60a138f0fcc53a76f7b3 (diff) | |
fusefrontend_reverse: Do not mix up cache information for different directories
Fixes https://github.com/rfjakob/gocryptfs/issues/168
Steps to reproduce the problem:
* Create a regular reverse mount point
* Create files with the same very long name in multiple directories - so far
everything works as expected, and it will appear with a different name each
time, for example, gocryptfs.longname.A in directory A and
gocryptfs.longname.B in directory B
* Try to access a path with A/gocryptfs.longname.B or B/gocryptfs.longname.A -
this should fail, but it actually works.
The problem is that the longname cache only uses the path as key and not the
dir or divIV. Assume an attacker can directly interact with a reverse mount and
knows the relation longname path -> unencoded path in one directory, it allows
to test if the same unencoded filename appears in any other directory.
Diffstat (limited to 'tests/reverse')
| -rw-r--r-- | tests/reverse/ctlsock_test.go | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/tests/reverse/ctlsock_test.go b/tests/reverse/ctlsock_test.go index c3ee121..d60fbde 100644 --- a/tests/reverse/ctlsock_test.go +++ b/tests/reverse/ctlsock_test.go @@ -35,10 +35,11 @@ func TestCtlSockPathOps(t *testing.T) { test_helpers.MountOrFatal(t, "ctlsock_reverse_test_fs", mnt, "-reverse", "-extpass", "echo test", "-ctlsock="+sock) defer test_helpers.UnmountPanic(mnt) var req ctlsock.RequestStruct + var response ctlsock.ResponseStruct for i, tc := range ctlSockTestCases { // Decrypt req = ctlsock.RequestStruct{DecryptPath: tc[0]} - response := test_helpers.QueryCtlSock(t, sock, req) + response = test_helpers.QueryCtlSock(t, sock, req) if response.ErrNo != 0 { t.Errorf("Testcase %d Decrypt: %q ErrNo=%d ErrText=%s", i, tc[0], response.ErrNo, response.ErrText) } else if response.Result != tc[1] { @@ -53,6 +54,18 @@ func TestCtlSockPathOps(t *testing.T) { t.Errorf("Testcase %d Encrypt: Want %q got %q", i, tc[1], response.Result) } } + // At this point the longname parent cache should be populated. + // Check that we do not mix up information for different directories. + req = ctlsock.RequestStruct{DecryptPath: "gocryptfs.longname.y6rxCn6Id8hIZL2t_STpdLZpu-aE2HpprJR25xD60mk="} + response = test_helpers.QueryCtlSock(t, sock, req) + if response.ErrNo != -1 { + t.Errorf("File should not exist: ErrNo=%d ErrText=%s", response.ErrNo, response.ErrText) + } + req = ctlsock.RequestStruct{DecryptPath: "v6puXntoQOk7Mhl8zJ4Idg==/gocryptfs.longname.ZQCAoi5li3xvDZRO8McBV0L_kzJc4IcAOEzuW-2S1Y4="} + response = test_helpers.QueryCtlSock(t, sock, req) + if response.ErrNo != -1 { + t.Errorf("File should not exist: ErrNo=%d ErrText=%s", response.ErrNo, response.ErrText) + } } // We should not panic when somebody feeds requests that make no sense |