main: disallow recursively encrypting ourselves

From https://github.com/rfjakob/gocryptfs/issues/150:

  mkdir a
  mkdir a/b
  gocryptsfs -init -reverse a/
  gocryptfs -reverse a/ a/b

  Now directory a/b/ contains encrypted view of 'a' but it
  is possible to descend into encrypted version of b (e.g.
  a/b/43873uhj538765387/) which contains double encrypted
  'a' and so on.

Reported-by: https://github.com/tigmac
This commit is contained in:
Jakob Unterwurzacher 2017-10-31 19:44:54 +01:00
parent 34547a6c39
commit a1a98abfbb

View File

@ -47,6 +47,13 @@ func doMount(args *argContainer) int {
args.mountpoint, args.cipherdir)
os.Exit(exitcodes.MountPoint)
}
// Reverse-mounting "/foo" at "/foo/mnt" means we would be recursively
// encrypting ourselves.
if strings.HasPrefix(args.mountpoint, args.cipherdir+"/") {
tlog.Fatal.Printf("Mountpoint %q is contained in cipherdir %q, this is not supported",
args.mountpoint, args.cipherdir)
os.Exit(exitcodes.MountPoint)
}
if args.nonempty {
err = checkDir(args.mountpoint)
} else {