From c547673529cb4934ab885081f5682e85aa994f79 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner
Date: Wed, 22 Nov 2017 06:11:19 +0100
Subject: nametransform: Return error if decrypted name is '.' or '..'

---
 internal/nametransform/names.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'internal/nametransform')

diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go
index 94fa453..65e6f06 100644
--- a/internal/nametransform/names.go
+++ b/internal/nametransform/names.go
@@ -65,6 +65,10 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
 	if bytes.Contains(bin, []byte{0}) || bytes.Contains(bin, []byte("/")) {
 		return "", syscall.EBADMSG
 	}
+	// The name should never be "." or "..".
+	if bytes.Equal(bin, []byte(".")) || bytes.Equal(bin, []byte("..")) {
+		return "", syscall.EBADMSG
+	}
 	plain := string(bin)
 	return plain, err
 }
-- 
cgit v1.2.3