fusefrontend: make Readlink() symlink-safe

Now symlink-safe through Readlinkat().
This commit is contained in:
Jakob Unterwurzacher 2018-11-04 22:01:18 +01:00
parent 21f1f858b9
commit 4fae240153
2 changed files with 11 additions and 9 deletions

View File

@ -377,6 +377,8 @@ func (fs *FS) StatFs(path string) *fuse.StatfsOut {
// decryptSymlinkTarget: "cData64" is base64-decoded and decrypted // decryptSymlinkTarget: "cData64" is base64-decoded and decrypted
// like file contents (GCM). // like file contents (GCM).
// The empty string decrypts to the empty string. // The empty string decrypts to the empty string.
//
// This function does not do any I/O and is hence symlink-safe.
func (fs *FS) decryptSymlinkTarget(cData64 string) (string, error) { func (fs *FS) decryptSymlinkTarget(cData64 string) (string, error) {
if cData64 == "" { if cData64 == "" {
return "", nil return "", nil
@ -392,14 +394,16 @@ func (fs *FS) decryptSymlinkTarget(cData64 string) (string, error) {
return string(data), nil return string(data), nil
} }
// Readlink implements pathfs.Filesystem. // Readlink - FUSE call.
//
// Symlink-safe through openBackingDir() + Readlinkat().
func (fs *FS) Readlink(relPath string, context *fuse.Context) (out string, status fuse.Status) { func (fs *FS) Readlink(relPath string, context *fuse.Context) (out string, status fuse.Status) {
cPath, err := fs.encryptPath(relPath) dirfd, cName, err := fs.openBackingDir(relPath)
if err != nil { if err != nil {
return "", fuse.ToStatus(err) return "", fuse.ToStatus(err)
} }
cAbsPath := filepath.Join(fs.args.Cipherdir, cPath) defer syscall.Close(dirfd)
cTarget, err := os.Readlink(cAbsPath) cTarget, err := syscallcompat.Readlinkat(dirfd, cName)
if err != nil { if err != nil {
return "", fuse.ToStatus(err) return "", fuse.ToStatus(err)
} }
@ -409,7 +413,7 @@ func (fs *FS) Readlink(relPath string, context *fuse.Context) (out string, statu
// Symlinks are encrypted like file contents (GCM) and base64-encoded // Symlinks are encrypted like file contents (GCM) and base64-encoded
target, err := fs.decryptSymlinkTarget(cTarget) target, err := fs.decryptSymlinkTarget(cTarget)
if err != nil { if err != nil {
tlog.Warn.Printf("Readlink %q: decrypting target failed: %v", cPath, err) tlog.Warn.Printf("Readlink %q: decrypting target failed: %v", cName, err)
return "", fuse.EIO return "", fuse.EIO
} }
return string(target), fuse.OK return string(target), fuse.OK

View File

@ -10,10 +10,8 @@ import (
// It is not defined on Darwin, so we use the Linux value. // It is not defined on Darwin, so we use the Linux value.
const PATH_MAX = 4096 const PATH_MAX = 4096
// Readlinkat exists both in Linux and in MacOS 10.10+. We may add an // Readlinkat is a convenience wrapper around unix.Readlinkat() that takes
// emulated version for users on older MacOS versions if there is // care of buffer sizing. Implemented like os.Readlink().
// demand.
// Buffer allocation is handled internally, unlike the bare unix.Readlinkat.
func Readlinkat(dirfd int, path string) (string, error) { func Readlinkat(dirfd int, path string) (string, error) {
// Allocate the buffer exponentially like os.Readlink does. // Allocate the buffer exponentially like os.Readlink does.
for bufsz := 128; ; bufsz *= 2 { for bufsz := 128; ; bufsz *= 2 {