Age | Commit message (Collapse) | Author |
|
Needs some space to grow.
renamed: internal/nametransform/diriv_cache.go -> internal/nametransform/dirivcache/dirivcache.go
|
|
This fixes a few issues I have found reviewing the code:
1) Limit the amount of data ReadLongName() will read. Previously,
you could send gocryptfs into out-of-memory by symlinking
gocryptfs.diriv to /dev/zero.
2) Handle the empty input case in unPad16() by returning an
error. Previously, it would panic with an out-of-bounds array
read. It is unclear to me if this could actually be triggered.
3) Reject empty names after base64-decoding in DecryptName().
An empty name crashes emeCipher.Decrypt().
It is unclear to me if B64.DecodeString() can actually return
a non-error empty result, but let's guard against it anyway.
|
|
nametransform.DecryptName() now always returns syscall.EBADMSG if
the name was invalid.
fusefrontend.OpenDir error messages have been normalized.
|
|
The symlink functions incorrectly hardcoded the padded
base64 variant.
|
|
Yields a nice reduction in code size.
|
|
Version 1.1 of the EME package (github.com/rfjakob/eme) added
a more convenient interface. Use it.
Note that you have to upgrade your EME package (go get -u)!
|
|
Using raw64 will not work, but at least it will compile.
|
|
Through base64.RawURLEncoding.
New command-line parameter "-raw64".
|
|
|
|
This happens all the time in reverse mode when somebody stats
an encrypted symlink target.
|
|
|
|
|
|
With the generic fmt.Errorf we trigger a warning from go-fuse:
2016/09/21 21:42:31 can't convert error type: Invalid padding
|
|
|
|
unPad16 returns detailed errors including the position of the
incorrect bytes. Kill a possible padding oracle by lumping
everything into a generic error.
The detailed error is only logged if debug is active.
|
|
The EMENames feature flag is already mandatory, dropping the command
line option is the final step.
|
|
Let's have shorter names, and merge *_api.go into the "main"
file.
No code changes.
|