fusefrontend_reverse: Reject access to device nodes in newFile function
Steps to reproduce: * Create a regular reverse mount point * Create a file "test" in the original directory * Access the corresponding encrypted directory in the mount point (ls <encrypted dir>) * Quickly delete the file in the original data - instead create a device node * Access the file again, it will access the device node and attempt to read from it Fixes https://github.com/rfjakob/gocryptfs/issues/187
This commit is contained in:
Sebastian Lackner
rfjakob
parent
3af51736f3
commit
96dc2ca709
@ -51,6 +51,14 @@ func (rfs *ReverseFS) newFile(relPath string) (*reverseFile, fuse.Status) {
|
|||||||
syscall.Close(fd)
|
syscall.Close(fd)
|
||||||
return nil, fuse.ToStatus(err)
|
return nil, fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
|
// Reject access if the file descriptor does not refer to a regular file.
|
||||||
|
var a fuse.Attr
|
||||||
|
a.FromStat(&st)
|
||||||
|
if !a.IsRegular() {
|
||||||
|
tlog.Warn.Printf("ino%d: newFile: not a regular file", st.Ino)
|
||||||
|
syscall.Close(fd)
|
||||||
|
return nil, fuse.ToStatus(syscall.EACCES)
|
||||||
|
}
|
||||||
// See if we have that inode number already in the table
|
// See if we have that inode number already in the table
|
||||||
// (even if Nlink has dropped to 1)
|
// (even if Nlink has dropped to 1)
|
||||||
var derivedIVs pathiv.FileIVs
|
var derivedIVs pathiv.FileIVs
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user