cli: don't split multiple-strings flags on comma

Looks like I used StringSliceVar (which splits on comma)
where I should have always used StringArrayVar (which does not).

Bug report contains this example of misbehavoir:

	#gocryptfs -extpass 'echo abc,123' -init testdir
	Reading password from extpass program "echo abc", arguments: ["123"]
	extpass cmd start failed: exec: "echo abc": executable file not found in $PATH

Fixes https://github.com/rfjakob/gocryptfs/issues/730

README.md

@@ -195,6 +195,10 @@ RM:    2,367
 Changelog
 ---------
 
+#### v2.3.2, 2023-04-29
+* Fix incorrect file size reported after hard link creation
+  ([#724](https://github.com/rfjakob/gocryptfs/issues/724))
+
 #### v2.3.1, 2023-03-04
 * Optimize NFS streaming write performance ([#712](https://github.com/rfjakob/gocryptfs/issues/712),
   [commit](https://github.com/rfjakob/gocryptfs/commit/8f3ec5dcaa6eb18d11746675190a7aaceb422764)).

cli_args.go

@@ -210,16 +210,16 @@ func parseCliOpts(osArgs []string) (args argContainer) {
 	flagSet.StringVar(&args.fido2, "fido2", "", "Protect the masterkey using a FIDO2 token instead of a password")
 
 	// Exclusion options
-	flagSet.StringSliceVar(&args.exclude, "e", nil, "Alias for -exclude")
-	flagSet.StringSliceVar(&args.exclude, "exclude", nil, "Exclude relative path from reverse view")
-	flagSet.StringSliceVar(&args.excludeWildcard, "ew", nil, "Alias for -exclude-wildcard")
-	flagSet.StringSliceVar(&args.excludeWildcard, "exclude-wildcard", nil, "Exclude path from reverse view, supporting wildcards")
-	flagSet.StringSliceVar(&args.excludeFrom, "exclude-from", nil, "File from which to read exclusion patterns (with -exclude-wildcard syntax)")
+	flagSet.StringArrayVar(&args.exclude, "e", nil, "Alias for -exclude")
+	flagSet.StringArrayVar(&args.exclude, "exclude", nil, "Exclude relative path from reverse view")
+	flagSet.StringArrayVar(&args.excludeWildcard, "ew", nil, "Alias for -exclude-wildcard")
+	flagSet.StringArrayVar(&args.excludeWildcard, "exclude-wildcard", nil, "Exclude path from reverse view, supporting wildcards")
+	flagSet.StringArrayVar(&args.excludeFrom, "exclude-from", nil, "File from which to read exclusion patterns (with -exclude-wildcard syntax)")
 
 	// multipleStrings options ([]string)
-	flagSet.StringSliceVar(&args.extpass, "extpass", nil, "Use external program for the password prompt")
-	flagSet.StringSliceVar(&args.badname, "badname", nil, "Glob pattern invalid file names that should be shown")
-	flagSet.StringSliceVar(&args.passfile, "passfile", nil, "Read password from file")
+	flagSet.StringArrayVar(&args.extpass, "extpass", nil, "Use external program for the password prompt")
+	flagSet.StringArrayVar(&args.badname, "badname", nil, "Glob pattern invalid file names that should be shown")
+	flagSet.StringArrayVar(&args.passfile, "passfile", nil, "Read password from file")
 
 	flagSet.Uint8Var(&args.longnamemax, "longnamemax", 255, "Hash encrypted names that are longer than this")
 

cli_args_test.go

@@ -131,48 +131,46 @@ func TestParseCliOpts(t *testing.T) {
 		o argContainer
 	}
 
-	var testcases []testcaseContainer
-
-	testcases = append(testcases, testcaseContainer{
-		i: []string{"gocryptfs"},
-		o: defaultArgs,
-	})
+	testcases := []testcaseContainer{
+		{
+			i: []string{"gocryptfs"},
+			o: defaultArgs,
+		},
+	}
 
 	o := defaultArgs
 	o.quiet = true
-	testcases = append(testcases, testcaseContainer{
-		i: []string{"gocryptfs", "-q"},
-		o: o,
-	})
-	testcases = append(testcases, testcaseContainer{
-		i: []string{"gocryptfs", "--q"},
-		o: o,
-	})
-	testcases = append(testcases, testcaseContainer{
-		i: []string{"gocryptfs", "-quiet"},
-		o: o,
-	})
-	testcases = append(testcases, testcaseContainer{
-		i: []string{"gocryptfs", "--quiet"},
-		o: o,
-	})
+	testcases = append(testcases, []testcaseContainer{
+		{
+			i: []string{"gocryptfs", "-q"},
+			o: o,
+		}, {
+			i: []string{"gocryptfs", "--q"},
+			o: o,
+		}, {
+			i: []string{"gocryptfs", "-quiet"},
+			o: o,
+		}, {
+			i: []string{"gocryptfs", "--quiet"},
+			o: o,
+		},
+	}...)
 
 	o = defaultArgs
-	o.exclude = []string{"foo", "bar"}
-	testcases = append(testcases, testcaseContainer{
-		i: []string{"gocryptfs", "-e", "foo", "-e", "bar"},
-		o: o,
-	})
-	testcases = append(testcases, testcaseContainer{
-		i: []string{"gocryptfs", "--exclude", "foo", "--exclude", "bar"},
-		o: o,
-	})
-	/* TODO BROKEN
-	testcases = append(testcases, testcaseContainer{
-		i: []string{"gocryptfs", "--exclude", "foo", "-e", "bar"},
-		o: o,
-	})
-	*/
+	o.exclude = []string{"foo", "bar", "baz,boe"}
+	testcases = append(testcases, []testcaseContainer{
+		{
+			i: []string{"gocryptfs", "-e", "foo", "-e", "bar", "-e", "baz,boe"},
+			o: o,
+		}, {
+			i: []string{"gocryptfs", "--exclude", "foo", "--exclude", "bar", "--exclude", "baz,boe"},
+			o: o,
+		}, /* TODO BROKEN {
+			i: []string{"gocryptfs", "--exclude", "foo", "-e", "bar"},
+			o: o,
+		},*/
+	}...)
+
 	for _, tc := range testcases {
 		o := parseCliOpts(tc.i)
 		if !reflect.DeepEqual(o, tc.o) {

go.mod

@@ -4,7 +4,7 @@ go 1.16
 
 require (
 	github.com/aperturerobotics/jacobsa-crypto v1.0.0
-	github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde
+	github.com/hanwen/go-fuse/v2 v2.3.0
 	github.com/pkg/xattr v0.4.3
 	github.com/rfjakob/eme v1.1.2
 	github.com/sabhiram/go-gitignore v0.0.0-20201211210132-54b8a0bf510f

go.sum

@@ -3,8 +3,8 @@ github.com/aperturerobotics/jacobsa-crypto v1.0.0 h1:ARfIuzgovK+5leAKbFHcicKEgMz
 github.com/aperturerobotics/jacobsa-crypto v1.0.0/go.mod h1:xq0oOkHSPQ1E5ByqbwLhCJ1mygYHtXTMQnvHD4tz4Cc=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde h1:fgTauqHA48CDt+qVQR+PJXqiI9bpYQglMIIi+h/mMts=
-github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde/go.mod h1:B1nGE/6RBFyBRC1RRnf23UpwCdyJ31eukw34oAKukAc=
+github.com/hanwen/go-fuse/v2 v2.3.0 h1:t5ivNIH2PK+zw4OBul/iJjsoG9K6kXo4nMDoBpciC8A=
+github.com/hanwen/go-fuse/v2 v2.3.0/go.mod h1:xKwi1cF7nXAOBCXujD5ie0ZKsxc8GGSA1rlMJc+8IJs=
 github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd h1:9GCSedGjMcLZCrusBZuo4tyKLpKUPenUUqi34AkuFmA=
 github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd/go.mod h1:TlmyIZDpGmwRoTWiakdr+HA1Tukze6C6XbRVidYq02M=
 github.com/jacobsa/oglemock v0.0.0-20150831005832-e94d794d06ff h1:2xRHTvkpJ5zJmglXLRqHiZQNjUoOkhUyhTAhEQvPAWw=
@@ -15,6 +15,8 @@ github.com/jacobsa/reqtrace v0.0.0-20150505043853-245c9e0234cb h1:uSWBjJdMf47kQl
 github.com/jacobsa/reqtrace v0.0.0-20150505043853-245c9e0234cb/go.mod h1:ivcmUvxXWjb27NsPEaiYK7AidlZXS7oQ5PowUS9z3I4=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
+github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
+github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/pkg/xattr v0.4.3 h1:5Jx4GCg5ABtqWZH8WLzeI4fOtM1HyX4RBawuCoua1es=
 github.com/pkg/xattr v0.4.3/go.mod h1:sBD3RAqlr8Q+RC3FutZcikpT8nyDrIEEBw2J744gVWs=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -34,7 +36,6 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20220708220712-1185a9018129 h1:vucSRfWwTsoXro7P+3Cjlr6flUMtzCwzlvkxEQtHHB0=
 golang.org/x/net v0.0.0-20220708220712-1185a9018129/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

internal/fusefrontend/node.go

@@ -334,6 +334,7 @@ func (n *Node) Link(ctx context.Context, target fs.InodeEmbedder, name string, o
 		return
 	}
 	inode = n.newChild(ctx, st, out)
+	n.translateSize(dirfd, cName, &out.Attr)
 	return inode, 0
 }
 

internal/fusefrontend/node_helpers.go

@@ -62,6 +62,7 @@ func (n *Node) translateSize(dirfd int, cName string, out *fuse.Attr) {
 		rn := n.rootNode()
 		out.Size = rn.contentEnc.CipherSizeToPlainSize(out.Size)
 	} else if out.IsSymlink() {
+		// read and decrypt target
 		target, _ := n.readlink(dirfd, cName)
 		out.Size = uint64(len(target))
 	}

tests/matrix/matrix_test.go

@@ -915,6 +915,45 @@ func TestSymlinkSize(t *testing.T) {
 	}
 }
 
+// gocryptfs 2.0+ reported the ciphertext size on hard link creation
+// https://github.com/rfjakob/gocryptfs/issues/724
+func TestLinkSize(t *testing.T) {
+	p := filepath.Join(test_helpers.DefaultPlainDir, t.Name()) + ".regular"
+	f, err := os.Create(p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	_, err = f.WriteString("x")
+	f.Close()
+	if err != nil {
+		t.Fatal(err)
+	}
+	doTestLinkSize(t, p)
+
+	p = filepath.Join(test_helpers.DefaultPlainDir, t.Name()) + ".symlink"
+	err = syscall.Symlink("x", p)
+	if err != nil {
+		t.Fatal(err)
+	}
+	doTestLinkSize(t, p)
+}
+
+func doTestLinkSize(t *testing.T, p string) {
+	p2 := p + ".link"
+	err := syscall.Link(p, p2)
+	if err != nil {
+		t.Fatal(err)
+	}
+	var st syscall.Stat_t
+	err = syscall.Lstat(p2, &st)
+	if err != nil {
+		t.Fatal(filepath.Base(p2), err)
+	}
+	if st.Size != 1 {
+		t.Errorf("wrong %s size: want=1 have=%d", filepath.Base(p), st.Size)
+	}
+}
+
 // TestPwd check that /usr/bin/pwd works inside gocryptfs.
 //
 // This was broken in gocryptfs v2.0 with -sharedstorage: