From 04858ddd222bbf7156f33f99cfb293a9b1e15ec8 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Wed, 2 Jun 2021 14:21:30 +0200
Subject: nametransform: check name validity on encryption

xfstests generic/523 discovered that we allowed to set xattrs with "/" in the name, but did not allow to read them later. With this change we do not allow to set them in the first place.
---
 internal/fusefrontend/node_xattr.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'internal/fusefrontend/node_xattr.go')
diff --git a/internal/fusefrontend/node_xattr.go b/internal/fusefrontend/node_xattr.go
index 3855b55..925dcbf 100644
--- a/internal/fusefrontend/node_xattr.go
+++ b/internal/fusefrontend/node_xattr.go
@@ -56,12 +56,14 @@ func (n *Node) Getxattr(ctx context.Context, attr string, dest []byte) (uint32,
 }
 } else {
 // encrypted user xattr
- cAttr := rn.encryptXattrName(attr)
+ cAttr, err := rn.encryptXattrName(attr)
+ if err != nil {
+ return minus1, syscall.EIO
+ }
 cData, errno := n.getXAttr(cAttr)
 if errno != 0 {
 return 0, errno
 }
- var err error
 data, err = rn.decryptXattrValue(cData)
 if err != nil {
 tlog.Warn.Printf("GetXAttr: %v", err)
@@ -91,7 +93,10 @@ func (n *Node) Setxattr(ctx context.Context, attr string, data []byte, flags uin
 return n.setXAttr(attr, data, flags)
 }
 
- cAttr := rn.encryptXattrName(attr)
+ cAttr, err := rn.encryptXattrName(attr)
+ if err != nil {
+ return syscall.EINVAL
+ }
 cData := rn.encryptXattrValue(data)
 return n.setXAttr(cAttr, cData, flags)
 }
@@ -107,7 +112,10 @@ func (n *Node) Removexattr(ctx context.Context, attr string) syscall.Errno {
 return n.removeXAttr(attr)
 }
 
- cAttr := rn.encryptXattrName(attr)
+ cAttr, err := rn.encryptXattrName(attr)
+ if err != nil {
+ return syscall.EINVAL
+ }
 return n.removeXAttr(cAttr)
 }
 
-- 
cgit v1.2.3
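Review bot: The added error path in Getxattr returns `syscall.EIO`, while the same `encryptXattrName` failure in the Setxattr and Removexattr hunks returns `syscall.EINVAL`. If the only failure mode is the name-validity check the commit message describes, a caller asking for an invalid name gets an errno that reads as storage or decryption trouble; `return minus1, syscall.EINVAL` would keep the three calls consistent. The error value is also discarded without a log line in all three hunks, unlike the decrypt failure a few lines below, which goes through `tlog.Warn.Printf`; a `tlog.Debug.Printf("Getxattr: invalid name %q: %v", attr, err)` before each return would make rejected names visible when diagnosing a mount. Getxattr's body starts and ends outside the hunk.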
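Review bot: Removexattr now returns EINVAL for every name that `encryptXattrName` rejects, which presumably includes the names containing "/" that, per the commit message, earlier versions accepted in Setxattr. If such attributes already exist in a ciphertext directory, they can no longer be removed through the mount after this change, and the description says they could not be read either. That is worth stating next to the check, for example `// Names rejected here may still exist on disk from older versions and can then only be removed in the backing directory.`, or confirming that it cannot happen. The start of Removexattr's body is outside the hunk.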