From 96dc2ca70906c831b60be1c6ed3a27dbf7628e72 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner
Date: Mon, 11 Dec 2017 03:56:31 +0100
Subject: fusefrontend_reverse: Reject access to device nodes in newFile
 function

Steps to reproduce:

* Create a regular reverse mount point
* Create a file "test" in the original directory
* Access the corresponding encrypted directory in the mount point (ls <encrypted dir>)
* Quickly delete the file in the original data - instead create a device node
* Access the file again, it will access the device node and attempt to read from it

Fixes https://github.com/rfjakob/gocryptfs/issues/187
---
 internal/fusefrontend_reverse/rfile.go | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'internal/fusefrontend_reverse')

diff --git a/internal/fusefrontend_reverse/rfile.go b/internal/fusefrontend_reverse/rfile.go
index c10d341..26756a3 100644
--- a/internal/fusefrontend_reverse/rfile.go
+++ b/internal/fusefrontend_reverse/rfile.go
@@ -51,6 +51,14 @@ func (rfs *ReverseFS) newFile(relPath string) (*reverseFile, fuse.Status) {
 		syscall.Close(fd)
 		return nil, fuse.ToStatus(err)
 	}
+	// Reject access if the file descriptor does not refer to a regular file.
+	var a fuse.Attr
+	a.FromStat(&st)
+	if !a.IsRegular() {
+		tlog.Warn.Printf("ino%d: newFile: not a regular file", st.Ino)
+		syscall.Close(fd)
+		return nil, fuse.ToStatus(syscall.EACCES)
+	}
 	// See if we have that inode number already in the table
 	// (even if Nlink has dropped to 1)
 	var derivedIVs pathiv.FileIVs
-- 
cgit v1.2.3