From e827763f2e6226d9f5778d56c28270264950c0f5 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Tue, 23 May 2017 20:46:24 +0200
Subject: nametransform: harden name decryption against invalid input

This fixes a few issues I have found reviewing the code:

1) Limit the amount of data ReadLongName() will read. Previously, you could send gocryptfs into out-of-memory by symlinking gocryptfs.diriv to /dev/zero.

2) Handle the empty input case in unPad16() by returning an error. Previously, it would panic with an out-of-bounds array read. It is unclear to me if this could actually be triggered.

3) Reject empty names after base64-decoding in DecryptName(). An empty name crashes emeCipher.Decrypt(). It is unclear to me if B64.DecodeString() can actually return a non-error empty result, but let's guard against it anyway.
---
 internal/nametransform/names_test.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'internal/nametransform/names_test.go')

diff --git a/internal/nametransform/names_test.go b/internal/nametransform/names_test.go
index d772af2..0254777 100644
--- a/internal/nametransform/names_test.go
+++ b/internal/nametransform/names_test.go
@@ -32,3 +32,20 @@ func TestPad16(t *testing.T) {
 }
 }
 }
+
+// TestUnpad16Garbage - unPad16 should never crash on corrupt or malicious inputs
+func TestUnpad16Garbage(t *testing.T) {
+ var testCases [][]byte
+ testCases = append(testCases, make([]byte, 0))
+ testCases = append(testCases, make([]byte, 16))
+ testCases = append(testCases, make([]byte, 1))
+ testCases = append(testCases, make([]byte, 17))
+ testCases = append(testCases, bytes.Repeat([]byte{16}, 16))
+ testCases = append(testCases, bytes.Repeat([]byte{17}, 16))
+ for _, v := range testCases {
+ _, err := unPad16([]byte(v))
+ if err == nil {
+ t.Fail()
+ }
+ }
+}
-- 
cgit v1.2.3
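Review bot: The bare `t.Fail()` in the loop of TestUnpad16Garbage reports nothing about which input slipped through, so a regression in unPad16 would surface as an anonymous FAIL with no hint whether the empty, all-zero, short, long or oversized-pad case is responsible; `t.Errorf("unPad16(%x) returned no error, want one", v)` pins the offending input. The `[]byte(v)` conversion on that call is a no-op because testCases is already `[][]byte`, so `unPad16(v)` reads cleaner. The corpus also lacks the malformed-padding shape a hardening test most wants: a plausible count byte whose preceding bytes do not match it, e.g. `testCases = append(testCases, append(make([]byte, 14), 3, 3))`, where the last byte claims three pad bytes but only two are 3. Whether unPad16 validates the pad bytes beyond the count cannot be seen from this hunk; if it does, this case should error as well, and if it does not, that is worth checking given the commit's stated goal of rejecting invalid input.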