From 04858ddd222bbf7156f33f99cfb293a9b1e15ec8 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Wed, 2 Jun 2021 14:21:30 +0200
Subject: nametransform: check name validity on encryption

xfstests generic/523 discovered that we allowed to set
xattrs with "/" in the name, but did not allow to read
them later.

With this change we do not allow to set them in the first
place.
---
 internal/fusefrontend_reverse/ctlsock_interface.go | 5 ++++-
 internal/fusefrontend_reverse/node_dir_ops.go      | 6 +++++-
 internal/fusefrontend_reverse/root_node.go         | 7 +++++--
 3 files changed, 14 insertions(+), 4 deletions(-)

(limited to 'internal/fusefrontend_reverse')

diff --git a/internal/fusefrontend_reverse/ctlsock_interface.go b/internal/fusefrontend_reverse/ctlsock_interface.go
index 6bf2e6a..2157044 100644
--- a/internal/fusefrontend_reverse/ctlsock_interface.go
+++ b/internal/fusefrontend_reverse/ctlsock_interface.go
@@ -23,7 +23,10 @@ func (rn *RootNode) EncryptPath(plainPath string) (string, error) {
 	parts := strings.Split(plainPath, "/")
 	for _, part := range parts {
 		dirIV := pathiv.Derive(cipherPath, pathiv.PurposeDirIV)
-		encryptedPart := rn.nameTransform.EncryptName(part, dirIV)
+		encryptedPart, err := rn.nameTransform.EncryptName(part, dirIV)
+		if err != nil {
+			return "", err
+		}
 		if rn.args.LongNames && len(encryptedPart) > unix.NAME_MAX {
 			encryptedPart = rn.nameTransform.HashLongName(encryptedPart)
 		}
diff --git a/internal/fusefrontend_reverse/node_dir_ops.go b/internal/fusefrontend_reverse/node_dir_ops.go
index 22f8122..c287284 100644
--- a/internal/fusefrontend_reverse/node_dir_ops.go
+++ b/internal/fusefrontend_reverse/node_dir_ops.go
@@ -64,7 +64,11 @@ func (n *Node) Readdir(ctx context.Context) (stream fs.DirStream, errno syscall.
 			!rn.args.ConfigCustom {
 			cName = configfile.ConfDefaultName
 		} else {
-			cName = rn.nameTransform.EncryptName(entries[i].Name, dirIV)
+			cName, err = rn.nameTransform.EncryptName(entries[i].Name, dirIV)
+			if err != nil {
+				entries[i].Name = "___GOCRYPTFS_INVALID_NAME___"
+				continue
+			}
 			if len(cName) > unix.NAME_MAX {
 				cName = rn.nameTransform.HashLongName(cName)
 				dotNameFile := fuse.DirEntry{
diff --git a/internal/fusefrontend_reverse/root_node.go b/internal/fusefrontend_reverse/root_node.go
index b7a259a..10b0d69 100644
--- a/internal/fusefrontend_reverse/root_node.go
+++ b/internal/fusefrontend_reverse/root_node.go
@@ -71,9 +71,12 @@ func (rn *RootNode) findLongnameParent(fd int, diriv []byte, longname string) (p
 		if len(entry.Name) <= shortNameMax {
 			continue
 		}
-		cFullName = rn.nameTransform.EncryptName(entry.Name, diriv)
+		cFullName, err = rn.nameTransform.EncryptName(entry.Name, diriv)
+		if err != nil {
+			continue
+		}
 		if len(cFullName) <= unix.NAME_MAX {
-			// Entry should have been skipped by the "continue" above
+			// Entry should have been skipped by the shortNameMax check above
 			log.Panic("logic error or wrong shortNameMax constant?")
 		}
 		hName := rn.nameTransform.HashLongName(cFullName)
-- 
cgit v1.2.3