summaryrefslogtreecommitdiff
path: root/internal/nametransform
diff options
context:
space:
mode:
Diffstat (limited to 'internal/nametransform')
-rw-r--r--internal/nametransform/names.go22
1 files changed, 20 insertions, 2 deletions
diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go
index d5c2c8b..de70bce 100644
--- a/internal/nametransform/names.go
+++ b/internal/nametransform/names.go
@@ -5,6 +5,7 @@ import (
"bytes"
"crypto/aes"
"encoding/base64"
+ "path/filepath"
"syscall"
"github.com/rfjakob/eme"
@@ -35,6 +36,8 @@ type NameTransform struct {
// B64 = either base64.URLEncoding or base64.RawURLEncoding, depending
// on the Raw64 feature flag
B64 *base64.Encoding
+ // Patterns to bypass decryption
+ BadnamePatterns []string
}
// New returns a new NameTransform instance.
@@ -50,9 +53,24 @@ func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
}
}
-// DecryptName decrypts a base64-encoded encrypted filename "cipherName" using the
-// initialization vector "iv".
+// DecryptName calls decryptName to try and decrypt a base64-encoded encrypted
+// filename "cipherName", and failing that checks if it can be bypassed
func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error) {
+ res, err := n.decryptName(cipherName, iv)
+ if err != nil {
+ for _, pattern := range n.BadnamePatterns {
+ match, err := filepath.Match(pattern, cipherName)
+ if err == nil && match { // Pattern should have been validated already
+ return "GOCRYPTFS_BAD_NAME " + cipherName, nil
+ }
+ }
+ }
+ return res, err
+}
+
+// decryptName decrypts a base64-encoded encrypted filename "cipherName" using the
+// initialization vector "iv".
+func (n *NameTransform) decryptName(cipherName string, iv []byte) (string, error) {
bin, err := n.B64.DecodeString(cipherName)
if err != nil {
return "", err