Project

General

Profile

Actions
Copy link

Tasks #70995

closed

Tasks #63293: Implement fscrypt in libcephfs and cephfs-fuse

invalid inode data on long filenames

Added by Christopher Hoffman 11 months ago. Updated 11 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Christopher Hoffman
Category:
-
Target version:
-
% Done:

0%

Reviewed:
Affected Versions:
Component(FS):
Labels (FS):
Pull request ID:
Tags (freeform):
Merge Commit:
Fixed In:
Released In:
Upkeep Timestamp:

Description

Invalid inode data on filename length > 128.

[enc1]$ name="" && for i in {1..255}; do name=${name}a; done && echo test > $name
[enc1]$ ll
ls: cannot access '???': No such file or directory
total 0
-????????? ? ? ? ?            ? '???'

Actions
Copy link
 #1

Updated by Christopher Hoffman 11 months ago

  • Status changed from New to In Progress
Actions
Copy link
 #2

Updated by Christopher Hoffman 11 months ago

  • Status changed from In Progress to Resolved

The call from client to fscrypt lib was providing either b64 name or an alternate encrypted name as first argument when calling get_decrypted_fname. Instead, provide b64 name as first arg and alternate name as second.

Author: Christopher Hoffman <choffman@redhat.com>
Date:   Wed Apr 23 16:33:46 2025 +0000

    client: Simplify getting decrypted fname

    During unwrap name, get_decrypted_fname parameters accepts
    dname/b64 name and altname. If altname holds a value, this means
    that a plaintext name will be built from altname. In this
    case, dname/b64 name is irrelevant. In the case of empty altname,
    build name from b64 name.

    Fixes: https://tracker.ceph.com/issues/70995
    Signed-off-by: Christopher Hoffman <choffman@redhat.com>

diff --git a/src/client/Client.cc b/src/client/Client.cc
index 78bbebbef3b..4702abec474 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -1413,23 +1413,15 @@ std::string Client::_unwrap_name(Inode& diri, const std::string& dname, const st

   auto fscrypt_denc = fscrypt->get_fname_denc(diri.fscrypt_ctx, &diri.fscrypt_key_validator, true);
   if (fscrypt_denc) {
-    if (newaltn.empty()) {
-      std::string plaintext;
-      int r = fscrypt_denc->get_decrypted_fname(newdname, "", &plaintext);
-      if (r < 0) {
-        ldout(cct, 0) << __FILE__ << ":" << __LINE__ << ": failed to decrypt filename (r=" << r << ")" << dendl;
-        return "???";
-      }
-      newdname = std::move(plaintext);
-    } else {
-      /* the dname is irrelevant, the altname has what we want to present to the application */
-      std::string plaintext;
-      int r = fscrypt_denc->get_decrypted_fname(newaltn, "", &plaintext);
-      if (r < 0) {
-        ldout(cct, 0) << __FILE__ << ":" << __LINE__ << ": failed to decrypt filename (r=" << r << ")" << dendl;
-        return "???";
-      }
-      newdname = std::move(plaintext);
+    std::string plaintext;
+    int r = fscrypt_denc->get_decrypted_fname(newdname, newaltn, &plaintext);
+    if (r < 0) {
+      ldout(cct, 0) << __FILE__ << ":" << __LINE__ << ": failed to decrypt filename (r=" << r << ")" << dendl;
+      return "???";
+    }
+
+    newdname = std::move(plaintext);
+    if (!newaltn.empty()) {
       newaltn = newdname;
     }
   }
Actions
Copy link

Also available in: Atom PDF