]> git.apps.os.sepia.ceph.com Git - fscrypt.git/commit
projects / fscrypt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fa1a1fd) | patch
filesystem: validate size and type of metadata files
authorEric Biggers <ebiggers@google.com>
Wed, 23 Feb 2022 20:35:04 +0000 (12:35 -0800)
committerEric Biggers <ebiggers@google.com>
Wed, 23 Feb 2022 20:35:04 +0000 (12:35 -0800)
commit1a47718420317f893831b0223153d56005d5b02b
treeb5cdbe761bee21efc4d643083c4bc76065d132fdtree | snapshot
parentfa1a1fdbdea65829ce24a6b6f86ce2961e465b02commit | diff
filesystem: validate size and type of metadata files

Don't allow reading metadata files that are very large, as they can
crash the program due to the memory required.  Similarly, don't allow
reading metadata files that aren't regular files, such as FIFOs, or
symlinks (which could point to a device node like /dev/zero), as that
can hang the program.  Both issues were particularly problematic for
pam_fscrypt, as they could prevent users from being able to log in.

Note: these checks are arguably unneeded if we strictly check the file
ownership too, which a later commit will do.  But there's no reason not
to do these basic checks too.
filesystem/filesystem.go diff | blob | history
filesystem/filesystem_test.go diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.