2 files changed, 14 insertions, 6 deletions

diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go
index 09e9dd5..da33aee 100644
--- a/internal/nametransform/diriv.go
+++ b/internal/nametransform/diriv.go
@@ -8,8 +8,6 @@ import (
 	"path/filepath"
 	"syscall"
 
-	"golang.org/x/sys/unix"
-
 	"github.com/rfjakob/gocryptfs/internal/cryptocore"
 	"github.com/rfjakob/gocryptfs/internal/syscallcompat"
 	"github.com/rfjakob/gocryptfs/internal/tlog"
@@ -97,12 +95,17 @@ func WriteDirIVAt(dirfd int) error {
 
 // encryptAndHashName encrypts "name" and hashes it to a longname if it is
 // too long.
-func (be *NameTransform) EncryptAndHashName(name string, iv []byte) string {
+// Returns ENAMETOOLONG if "name" is longer than 255 bytes.
+func (be *NameTransform) EncryptAndHashName(name string, iv []byte) (string, error) {
+	// Prevent the user from creating files longer than 255 chars.
+	if len(name) > NameMax {
+		return "", syscall.ENAMETOOLONG
+	}
 	cName := be.EncryptName(name, iv)
-	if be.longNames && len(cName) > unix.NAME_MAX {
-		return be.HashLongName(cName)
+	if be.longNames && len(cName) > NameMax {
+		return be.HashLongName(cName), nil
 	}
-	return cName
+	return cName, nil
 }
 
 // Dir is like filepath.Dir but returns "" instead of ".".
diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go
index 638a9eb..20fbede 100644
--- a/internal/nametransform/names.go
+++ b/internal/nametransform/names.go
@@ -12,6 +12,11 @@ import (
 	"github.com/rfjakob/gocryptfs/internal/tlog"
 )
 
+const (
+	// Like ext4, we allow at most 255 bytes for a file name.
+	NameMax = 255
+)
+
 // NameTransform is used to transform filenames.
 type NameTransform struct {
 	emeCipher *eme.EMECipher