main: disallow recursively encrypting ourselves

From https://github.com/rfjakob/gocryptfs/issues/150: mkdir a mkdir a/b gocryptsfs -init -reverse a/ gocryptfs -reverse a/ a/b Now directory a/b/ contains encrypted view of 'a' but it is possible to descend into encrypted version of b (e.g. a/b/43873uhj538765387/) which contains double encrypted 'a' and so on. Reported-by: https://github.com/tigmac
2017-10-31 19:44:54 +01:00 · 2017-10-31 19:44:54 +01:00 · a1a98abfbb
parent 34547a6c39
commit a1a98abfbb
1 changed files with 7 additions and 0 deletions
--- a/mount.go
+++ b/mount.go
@ -47,6 +47,13 @@ func doMount(args *argContainer) int {
 			args.mountpoint, args.cipherdir)
 		os.Exit(exitcodes.MountPoint)
 	}
+	// Reverse-mounting "/foo" at "/foo/mnt" means we would be recursively
+	// encrypting ourselves.
+	if strings.HasPrefix(args.mountpoint, args.cipherdir+"/") {
+		tlog.Fatal.Printf("Mountpoint %q is contained in cipherdir %q, this is not supported",
+			args.mountpoint, args.cipherdir)
+		os.Exit(exitcodes.MountPoint)
+	}
 	if args.nonempty {
 		err = checkDir(args.mountpoint)
 	} else {