libgocryptfs/internal/fusefrontend_reverse/ctlsock_interface.go
Jakob Unterwurzacher 04858ddd22 nametransform: check name validity on encryption
xfstests generic/523 discovered that we allowed to set
xattrs with "/" in the name, but did not allow to read
them later.

With this change we do not allow to set them in the first
place.
2021-06-02 14:29:48 +02:00

43 lines
1.1 KiB
Go

package fusefrontend_reverse
import (
"path/filepath"
"strings"
"golang.org/x/sys/unix"
"github.com/rfjakob/gocryptfs/internal/ctlsocksrv"
"github.com/rfjakob/gocryptfs/internal/pathiv"
)
// Verify that the interface is implemented.
var _ ctlsocksrv.Interface = &RootNode{}
// EncryptPath implements ctlsock.Backend.
// This is used for the control socket and for the "-exclude" logic.
func (rn *RootNode) EncryptPath(plainPath string) (string, error) {
if rn.args.PlaintextNames || plainPath == "" {
return plainPath, nil
}
cipherPath := ""
parts := strings.Split(plainPath, "/")
for _, part := range parts {
dirIV := pathiv.Derive(cipherPath, pathiv.PurposeDirIV)
encryptedPart, err := rn.nameTransform.EncryptName(part, dirIV)
if err != nil {
return "", err
}
if rn.args.LongNames && len(encryptedPart) > unix.NAME_MAX {
encryptedPart = rn.nameTransform.HashLongName(encryptedPart)
}
cipherPath = filepath.Join(cipherPath, encryptedPart)
}
return cipherPath, nil
}
// DecryptPath implements ctlsock.Backend
func (rn *RootNode) DecryptPath(cipherPath string) (string, error) {
p, err := rn.decryptPath(cipherPath)
return p, err
}