From de3a2c189578f7636c39fde44fbe1da9c78b367e Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 4 Nov 2018 21:29:17 +0100
Subject: [PATCH] fusefrontend: mark a few more functions as symlink-safe / unsafe
---
 internal/fusefrontend/names.go | 5 +++++
 internal/fusefrontend/xattr.go | 2 ++
 internal/nametransform/longnames.go | 10 +++++++++-
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/internal/fusefrontend/names.go b/internal/fusefrontend/names.go
index 5ec252b..6997177 100644
--- a/internal/fusefrontend/names.go
+++ b/internal/fusefrontend/names.go
@@ -33,6 +33,8 @@ func (fs *FS) isFiltered(path string) bool {
 // GetBackingPath - get the absolute encrypted path of the backing file
 // from the relative plaintext path "relPath"
+//
+// TODO: this function is NOT symlink-safe.
 func (fs *FS) getBackingPath(relPath string) (string, error) {
 cPath, err := fs.encryptPath(relPath)
 if err != nil {
@@ -96,6 +98,9 @@ func (fs *FS) openBackingDir(relPath string) (dirfd int, cName string, err error
 }
 // encryptPath - encrypt relative plaintext path
+//
+// TODO: this function is NOT symlink-safe because EncryptPathDirIV is not
+// symlink-safe.
 func (fs *FS) encryptPath(plainPath string) (string, error) {
 if plainPath != "" { // Empty path gets encrypted all the time without actual file accesses.
 fs.AccessedSinceLastCheck = 1
diff --git a/internal/fusefrontend/xattr.go b/internal/fusefrontend/xattr.go
index 2fd51a3..81cb207 100644
--- a/internal/fusefrontend/xattr.go
+++ b/internal/fusefrontend/xattr.go
@@ -24,6 +24,7 @@ var xattrNameIV = []byte("xattr_name_iv_xx")
 var xattrStorePrefix = "user.gocryptfs."
 // GetXAttr - FUSE call. Reads the value of extended attribute "attr".
+//
 // TODO: Make symlink-safe. Blocker: package xattr does not provide fgetxattr(2).
 func (fs *FS) GetXAttr(path string, attr string, context *fuse.Context) ([]byte, fuse.Status) {
 if fs.isFiltered(path) {
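Review bot: The new `// TODO: this function is NOT symlink-safe.` on getBackingPath, and the matching TODO on encryptPath in the next hunk, record a status but not the consequence or what a caller should use instead. getBackingPath returns a path string, so presumably any later path-based open of that result resolves every component again and follows a symlink placed in the backing directory in between. I would spell that out, for example `// NOT symlink-safe: the returned path is re-resolved by the caller, so a symlink swapped into any component is followed.` The second hunk's header shows openBackingDir returning a dirfd, which looks like the intended replacement; if so, naming it in both comments would steer new callers away from these two functions. Both function bodies continue outside their hunks.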
@@ -86,6 +87,7 @@ func (fs *FS) RemoveXAttr(path string, attr string, context *fuse.Context) fuse.
 }
 // ListXAttr - FUSE call. Lists extended attributes on the file at "path".
+//
 // TODO: Make symlink-safe. Blocker: package xattr does not provide
 // flistxattr(2).
 func (fs *FS) ListXAttr(path string, context *fuse.Context) ([]string, fuse.Status) {
diff --git a/internal/nametransform/longnames.go b/internal/nametransform/longnames.go
index 9c8637e..6788ce6 100644
--- a/internal/nametransform/longnames.go
+++ b/internal/nametransform/longnames.go
@@ -24,6 +24,8 @@ const (
 // HashLongName - take the hash of a long string "name" and return
 // "gocryptfs.longname.[sha256]"
+//
+// This function does not do any I/O.
 func (n *NameTransform) HashLongName(name string) string {
 hashBin := sha256.Sum256([]byte(name))
 hashBase64 := n.B64.EncodeToString(hashBin[:])
@@ -47,6 +49,8 @@ const (
 // gocryptfs.longname.[sha256] ........ LongNameContent (content of a long name file)
 // gocryptfs.longname.[sha256].name .... LongNameFilename (full file name of a long name file)
 // else ................................ LongNameNone (normal file)
+//
+// This function does not do any I/O.
 func NameType(cName string) int {
 if !strings.HasPrefix(cName, longNamePrefix) {
 return LongNameNone
@@ -59,11 +63,15 @@ func NameType(cName string) int {
 // IsLongContent returns true if "cName" is the content store of a long name
 // file (looks like "gocryptfs.longname.[sha256]").
+//
+// This function does not do any I/O.
 func IsLongContent(cName string) bool {
 return NameType(cName) == LongNameContent
 }
-// ReadLongName - read "$path.name"
+// ReadLongName - read cName + ".name" from the directory opened as dirfd.
+//
+// Symlink-safe through Openat().
 func ReadLongNameAt(dirfd int, cName string) (string, error) {
 cName += LongNameSuffix
 fd, err := syscallcompat.Openat(dirfd, cName, syscall.O_NOFOLLOW, 0)
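Review bot: In the last longnames.go hunk, the rewritten doc comment still opens with `ReadLongName`, while the function it documents is `ReadLongNameAt`; a Go doc comment should start with the declared name. The claim `Symlink-safe through Openat().` is also broader than the visible call supports. `O_NOFOLLOW` only refuses a symlink as the final component, and the lookup is relative to `dirfd`, so the guarantee depends on the caller having obtained `dirfd` without following symlinks. I would write `// ReadLongNameAt - read cName + ".name" from the directory opened as dirfd.` and `// Symlink-safe via Openat() with O_NOFOLLOW, provided dirfd itself was opened symlink-safely.` The function body continues past the end of the hunk.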