ctlsock: prevent panic on invalid decrypt request

internal/fusefrontend_reverse/rpath.go

@@ -8,6 +8,7 @@ import (
 	"syscall"
 
 	"github.com/rfjakob/gocryptfs/internal/nametransform"
+	"github.com/rfjakob/gocryptfs/internal/tlog"
 )
 
 // saneDir is like filepath.Dir but returns "" instead of "."
@@ -80,7 +81,9 @@ func (rfs *ReverseFS) decryptPath(relPath string) (string, error) {
 				return "", err
 			}
 		} else {
-			panic("longname bug, .name files should have been handled earlier")
+			// It makes no sense to decrypt a ".name" file
+			tlog.Warn.Printf("decryptPath: tried to decrypt %q!? Returning EINVAL.", part)
+			return "", syscall.EINVAL
 		}
 		transformedParts = append(transformedParts, transformedPart)
 	}

tests/reverse/ctlsock_test.go

@@ -22,7 +22,8 @@ var ctlSockTestCases = [][]string{
 	{"gocryptfs.longname.cvRximo1ATRJVEzw_V9MZieHFlod9y2iv2Sug1kbiTE=/rBPJYAzcHWLdPj1T8kgh8A==", "longdir." + x240 + "/file"},
 }
 
-func TestCtlSockDecryptPath(t *testing.T) {
+// Test DecryptPath and EncryptPath
+func TestCtlSockPathOps(t *testing.T) {
 	mnt, err := ioutil.TempDir(test_helpers.TmpDir, "reverse_mnt_")
 	if err != nil {
 		t.Fatal(err)
@@ -50,3 +51,18 @@ func TestCtlSockDecryptPath(t *testing.T) {
 		}
 	}
 }
+
+// We should not panic when somebody feeds requests that make no sense
+func TestCtlSockCrash(t *testing.T) {
+	mnt, err := ioutil.TempDir(test_helpers.TmpDir, "reverse_mnt_")
+	if err != nil {
+		t.Fatal(err)
+	}
+	sock := mnt + ".sock"
+	test_helpers.MountOrFatal(t, "ctlsock_reverse_test_fs", mnt, "-reverse", "-extpass", "echo test", "-ctlsock="+sock,
+		"-wpanic=0", "-nosyslog=0")
+	defer test_helpers.UnmountPanic(mnt)
+	// Try to crash it
+	req := ctlsock.RequestStruct{DecryptPath: "gocryptfs.longname.XXX_TestCtlSockCrash_XXX.name"}
+	test_helpers.QueryCtlSock(t, sock, req)
+}