From 8586a8382561e3bcac65f4bfd0ef0694e6e11245 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 4 Nov 2018 21:27:13 +0100
Subject: fusefrontend: use openBackingDir in ctlsock interface

Instead of calling syscall.Open() ourselves, rely on
openBackingDir().
---
 internal/fusefrontend/ctlsock_interface.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'internal/fusefrontend/ctlsock_interface.go')

diff --git a/internal/fusefrontend/ctlsock_interface.go b/internal/fusefrontend/ctlsock_interface.go
index 730ed58..92de40f 100644
--- a/internal/fusefrontend/ctlsock_interface.go
+++ b/internal/fusefrontend/ctlsock_interface.go
@@ -14,13 +14,18 @@ import (
 var _ ctlsock.Interface = &FS{} // Verify that interface is implemented.
 
 // EncryptPath implements ctlsock.Backend
+//
+// TODO: this function is NOT symlink-safe.
 func (fs *FS) EncryptPath(plainPath string) (string, error) {
 	return fs.encryptPath(plainPath)
 }
 
 // DecryptPath implements ctlsock.Backend
+//
+// DecryptPath is symlink-safe because openBackingDir() and decryptPathAt()
+// are symlink-safe.
 func (fs *FS) DecryptPath(cipherPath string) (plainPath string, err error) {
-	dirfd, err := syscall.Open(fs.args.Cipherdir, syscall.O_RDONLY, 0)
+	dirfd, _, err := fs.openBackingDir("")
 	if err != nil {
 		return "", err
 	}
@@ -29,6 +34,8 @@ func (fs *FS) DecryptPath(cipherPath string) (plainPath string, err error) {
 }
 
 // decryptPathAt decrypts a ciphertext path relative to dirfd.
+//
+// Symlink-safe through ReadDirIVAt() and ReadLongNameAt().
 func (fs *FS) decryptPathAt(dirfd int, cipherPath string) (plainPath string, err error) {
 	if fs.args.PlaintextNames || cipherPath == "" {
 		return cipherPath, nil
-- 
cgit v1.2.3