From 261cf12829dcef31f1a02559b898e5067a03af31 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher <jakobunt@gmail.com>
Date: Sat, 6 Jun 2020 12:49:45 +0200
Subject: [PATCH] badname: stop trying to decrypt at length 22

At least 16 bytes due to AES --> at least 22 characters in base64
---
 internal/nametransform/names.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go
index 675ed34..a659f0a 100644
--- a/internal/nametransform/names.go
+++ b/internal/nametransform/names.go
@@ -61,8 +61,10 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
 		for _, pattern := range n.BadnamePatterns {
 			match, err := filepath.Match(pattern, cipherName)
 			if err == nil && match { // Pattern should have been validated already
-				//find longest decryptable substring
-				for charpos := len(cipherName) - 1; charpos > 0; charpos-- {
+				// Find longest decryptable substring
+				// At least 16 bytes due to AES --> at least 22 characters in base64
+				nameMin := n.B64.EncodedLen(aes.BlockSize)
+				for charpos := len(cipherName) - 1; charpos >= nameMin; charpos-- {
 					res, err = n.decryptName(cipherName[:charpos], iv)
 					if err == nil {
 						return res + cipherName[charpos:] + " GOCRYPTFS_BAD_NAME", nil