From 9ec042f2f62bc95154d6c8b3215a2e7853f8f5c6 Mon Sep 17 00:00:00 2001
From: orcas
Date: Sun, 15 Sep 2019 00:32:54 +0800
Subject: Show undecryptable filenames if they match supplied glob

Resolves https://github.com/rfjakob/gocryptfs/issues/393
---
 internal/nametransform/names.go | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
(limited to 'internal/nametransform/names.go')
diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go
index d5c2c8b..de70bce 100644
--- a/internal/nametransform/names.go
+++ b/internal/nametransform/names.go
@@ -5,6 +5,7 @@ import (
 "bytes"
 "crypto/aes"
 "encoding/base64"
+ "path/filepath"
 "syscall"
 
 "github.com/rfjakob/eme"
@@ -35,6 +36,8 @@ type NameTransform struct {
 // B64 = either base64.URLEncoding or base64.RawURLEncoding, depending
 // on the Raw64 feature flag
 B64 *base64.Encoding
+ // Patterns to bypass decryption
+ BadnamePatterns []string
 }
 
 // New returns a new NameTransform instance.
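Review bot: The comment on `BadnamePatterns` in the struct hunk does not say what the patterns are matched against or who is responsible for validating them. Judging by the DecryptName hunk they are `filepath.Match` globs applied to the encrypted on-disk name, and a malformed pattern is ignored there rather than reported, so the field's contract should be written down, e.g. `// BadnamePatterns are filepath.Match globs tested against the on-disk (encrypted) name; callers must validate them before assignment.` The struct and New continue outside the hunk, so whether a constructor or setter performs that validation cannot be seen from here.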
@@ -50,9 +53,24 @@ func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
 }
 }
 
-// DecryptName decrypts a base64-encoded encrypted filename "cipherName" using the
-// initialization vector "iv".
+// DecryptName calls decryptName to try and decrypt a base64-encoded encrypted
+// filename "cipherName", and failing that checks if it can be bypassed
 func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error) {
+ res, err := n.decryptName(cipherName, iv)
+ if err != nil {
+ for _, pattern := range n.BadnamePatterns {
+ match, err := filepath.Match(pattern, cipherName)
+ if err == nil && match { // Pattern should have been validated already
+ return "GOCRYPTFS_BAD_NAME " + cipherName, nil
+ }
+ }
+ }
+ return res, err
+}
+
+// decryptName decrypts a base64-encoded encrypted filename "cipherName" using the
+// initialization vector "iv".
+func (n *NameTransform) decryptName(cipherName string, iv []byte) (string, error) {
 bin, err := n.B64.DecodeString(cipherName)
 if err != nil {
 return "", err
-- 
cgit v1.2.3
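Review bot: The fallback in DecryptName converts any decryptName error into a nil-error result once the raw name matches a pattern, so a name that was corrupted or altered in the backing directory is handed to callers exactly like one that decrypted cleanly. Nothing is logged on that path; a warning naming `cipherName` each time the bypass fires would leave a trace that an unverified name was exposed. The doc comment should state the contract, e.g. `// Names matching BadnamePatterns are returned undecrypted and unverified as "GOCRYPTFS_BAD_NAME " + cipherName.` Separately, `match, err := filepath.Match(...)` shadows the outer `err` and drops a bad-pattern error silently; `match, matchErr := filepath.Match(pattern, cipherName)` keeps the two apart. decryptName's body continues outside the hunk.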