libgocryptfs/internal/nametransform/valid.go
Jakob Unterwurzacher 04858ddd22 nametransform: check name validity on encryption
xfstests generic/523 discovered that we allowed to set
xattrs with "/" in the name, but did not allow to read
them later.

With this change we do not allow to set them in the first
place.
2021-06-02 14:29:48 +02:00

28 lines
739 B
Go

package nametransform
import (
"fmt"
"strings"
)
// IsValidName checks if `name` is a valid name for a normal file
// (does not contain null bytes or "/" etc...).
func IsValidName(name string) error {
if name == "" {
return fmt.Errorf("empty input")
}
if len(name) > NameMax {
return fmt.Errorf("too long")
}
// A name can never contain a null byte or "/". Make sure we never return those
// to the kernel, even when we read a corrupted (or fuzzed) filesystem.
if strings.Contains(name, "\000") || strings.Contains(name, "/") {
return fmt.Errorf("contains forbidden bytes")
}
// The name should never be "." or "..".
if name == "." || name == ".." {
return fmt.Errorf(". and .. are forbidden names")
}
return nil
}