From e827763f2e6226d9f5778d56c28270264950c0f5 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Tue, 23 May 2017 20:46:24 +0200
Subject: nametransform: harden name decryption against invalid input

This fixes a few issues I have found reviewing the code:

1) Limit the amount of data ReadLongName() will read. Previously,
you could send gocryptfs into out-of-memory by symlinking
gocryptfs.diriv to /dev/zero.

2) Handle the empty input case in unPad16() by returning an
error. Previously, it would panic with an out-of-bounds array
read. It is unclear to me if this could actually be triggered.

3) Reject empty names after base64-decoding in DecryptName().
An empty name crashes emeCipher.Decrypt().
It is unclear to me if B64.DecodeString() can actually return
a non-error empty result, but let's guard against it anyway.
---
 internal/nametransform/pad16.go | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

(limited to 'internal/nametransform/pad16.go')

diff --git a/internal/nametransform/pad16.go b/internal/nametransform/pad16.go
index 2b30bcb..833be0e 100644
--- a/internal/nametransform/pad16.go
+++ b/internal/nametransform/pad16.go
@@ -31,6 +31,9 @@ func pad16(orig []byte) (padded []byte) {
 // unPad16 - remove padding
 func unPad16(padded []byte) ([]byte, error) {
 	oldLen := len(padded)
+	if oldLen == 0 {
+		return nil, errors.New("Empty input")
+	}
 	if oldLen%aes.BlockSize != 0 {
 		return nil, errors.New("Unaligned size")
 	}
@@ -39,12 +42,16 @@ func unPad16(padded []byte) ([]byte, error) {
 	// The padding byte's value is the padding length
 	padLen := int(padByte)
 	// Padding must be at least 1 byte
-	if padLen <= 0 {
+	if padLen == 0 {
 		return nil, errors.New("Padding cannot be zero-length")
 	}
-	// Larger paddings make no sense
+	// Padding more than 16 bytes make no sense
 	if padLen > aes.BlockSize {
-		return nil, fmt.Errorf("Padding too long, padLen = %d > 16", padLen)
+		return nil, fmt.Errorf("Padding too long, padLen=%d > 16", padLen)
+	}
+	// Padding cannot be as long as (or longer than) the whole string,
+	if padLen >= oldLen {
+		return nil, fmt.Errorf("Padding too long, oldLen=%d >= padLen=%d", oldLen, padLen)
 	}
 	// All padding bytes must be identical
 	for i := oldLen - padLen; i < oldLen; i++ {
@@ -53,9 +60,5 @@ func unPad16(padded []byte) ([]byte, error) {
 		}
 	}
 	newLen := oldLen - padLen
-	// Padding an empty string makes no sense
-	if newLen == 0 {
-		return nil, errors.New("Unpadded length is zero")
-	}
 	return padded[0:newLen], nil
 }
-- 
cgit v1.2.3