From 9a3f9350fe29083de04bbbe71e20ea169b2e691e Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Thu, 25 May 2017 14:21:55 +0200
Subject: nametransform: reject all-zero dirIV

This should never happen in normal operation and is a sign of data corruption. Catch it early.
---
 internal/nametransform/diriv.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go
index e74592a..902999b 100644
--- a/internal/nametransform/diriv.go
+++ b/internal/nametransform/diriv.go
@@ -1,6 +1,7 @@
 package nametransform
 
 import (
+ "bytes"
 "io"
 "os"
 "path/filepath"
@@ -46,6 +47,9 @@ func ReadDirIVAt(dirfd *os.File) (iv []byte, err error) {
 return fdReadDirIV(fd)
 }
 
+// allZeroDirIV is preallocated to quickly check if the data read from disk is all zero
+var allZeroDirIV = make([]byte, DirIVLen)
+
 // fdReadDirIV reads and verifies the DirIV from an opened gocryptfs.diriv file.
 func fdReadDirIV(fd *os.File) (iv []byte, err error) {
 // We want to detect if the file is bigger than DirIVLen, so
@@ -61,6 +65,10 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) {
 tlog.Warn.Printf("ReadDirIVAt: wanted %d bytes, got %d. Returning EINVAL.", DirIVLen, len(iv))
 return nil, syscall.EINVAL
 }
+ if bytes.Equal(iv, allZeroDirIV) {
+ tlog.Warn.Printf("ReadDirIVAt: diriv is all-zero. Returning EINVAL.")
+ return nil, syscall.EINVAL
+ }
 return iv, nil
 }
 
-- 
cgit v1.2.3
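Review bot: The doc comment on `fdReadDirIV` in the second hunk still says only "reads and verifies", although the function now has two distinct rejection rules, so a reader cannot tell from the comment which inputs yield EINVAL. I would spell it out, e.g. `// fdReadDirIV reads the DirIV from an opened gocryptfs.diriv file and returns EINVAL if it is not exactly DirIVLen bytes long or is all-zero.` The new `allZeroDirIV` is a package-level slice that every call compares against, so its comment should also state that it is a read-only reference value, e.g. `// allZeroDirIV is an all-zero reference value used for comparison only; never write to it.` The body of fdReadDirIV continues outside this hunk.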
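Review bot: The new warning in the third hunk does not say which gocryptfs.diriv file was rejected, so someone who sees it in the log cannot locate the corrupted directory. If the `*os.File` carries a meaningful name at this point (that depends on how ReadDirIVAt opens it, which is outside the hunk), include it: `tlog.Warn.Printf("ReadDirIVAt: diriv %q is all-zero. Returning EINVAL.", fd.Name())`. The diffstat lists only diriv.go, so the commit adds no test; a case that reads a file of DirIVLen zero bytes and expects EINVAL would keep the check from regressing. fdReadDirIV starts before this hunk.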