From 441e796e7034977c15dc9402a880ef4061b471a7 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher <jakobunt@gmail.com>
Date: Sat, 2 Dec 2017 21:36:07 +0100
Subject: [PATCH] fusefrontend_reverse: secure StatFs agains symlink races

...by ignoring the path that was passed in.

https://github.com/rfjakob/gocryptfs/issues/165
---
 internal/fusefrontend_reverse/rfs.go | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index 09ebe9e..18468ee 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -297,9 +297,20 @@ func (rfs *ReverseFS) OpenDir(cipherPath string, context *fuse.Context) ([]fuse.
 	return entries, fuse.OK
 }
 
-// StatFs - FUSE call
-func (rfs *ReverseFS) StatFs(name string) *fuse.StatfsOut {
-	return rfs.loopbackfs.StatFs(name)
+// StatFs - FUSE call. Returns information about the filesystem (free space
+// etc).
+// Securing statfs against symlink races seems to be more trouble than
+// it's worth, so we just ignore the path and always return info about the
+// backing storage root dir.
+func (rfs *ReverseFS) StatFs(path string) *fuse.StatfsOut {
+	var s syscall.Statfs_t
+	err := syscall.Statfs(rfs.args.Cipherdir, &s)
+	if err != nil {
+		return nil
+	}
+	out := &fuse.StatfsOut{}
+	out.FromStatfsT(&s)
+	return out
 }
 
 // Readlink - FUSE call