From e97c23e08383666117523cf3145f1213b41c2489 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Thu, 30 Nov 2017 19:40:53 +0100
Subject: syscallcompat: check that we get NOFOLLOW wherever possible ...and fix the instances where the AT_SYMLINK_NOFOLLOW / O_NOFOLLOW / O_EXCL flag was missing.
---
 internal/nametransform/diriv.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'internal/nametransform')
diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go
index fe289c6..f980a04 100644
--- a/internal/nametransform/diriv.go
+++ b/internal/nametransform/diriv.go
@@ -36,7 +36,8 @@ func ReadDirIV(dir string) (iv []byte, err error) {
 // ReadDirIVAt reads "gocryptfs.diriv" from the directory that is opened as "dirfd".
 // Using the dirfd makes it immune to concurrent renames of the directory.
 func ReadDirIVAt(dirfd *os.File) (iv []byte, err error) {
- fdRaw, err := syscallcompat.Openat(int(dirfd.Fd()), DirIVFilename, syscall.O_RDONLY, 0)
+ fdRaw, err := syscallcompat.Openat(int(dirfd.Fd()), DirIVFilename,
+ syscall.O_RDONLY|syscall.O_NOFOLLOW, 0)
 if err != nil {
 tlog.Warn.Printf("ReadDirIVAt: opening %q in dir %q failed: %v", DirIVFilename, dirfd.Name(), err)
--
cgit v1.2.3
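Review bot: The `O_NOFOLLOW` added to the `Openat` call in ReadDirIVAt rejects only a symlink at the final path component, so a FIFO or device node named `gocryptfs.diriv` would still be opened, and a blocking `O_RDONLY` open of a FIFO can stall the caller. The body of ReadDirIVAt continues outside the hunk, so whether a file-type check follows is not visible here. If there is none, consider `syscall.O_RDONLY|syscall.O_NOFOLLOW|syscall.O_NONBLOCK` together with an fstat check that the descriptor is a regular file before the IV is read. The doc comment above the function could also record the intent, for example `// The file is opened with O_NOFOLLOW, so a symlink in place of gocryptfs.diriv is an error.`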