Encrypted Filesystem for Linux

symbolic links confuse encfsctl export

Reported by giang nguyen on 2008-03-13
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
EncFS
Fix Released
Undecided
Valient Gough

Bug Description

i saw this is 1.3.2 and also 1.4.1.1:

ROOT [tmp]$ /var/tmp/encfs-1.4.1.1/bin/encfs /tmp/eee /tmp/ddd
The directory "/tmp/eee/" does not exist. Should it be created? (y,n) y
The directory "/tmp/ddd" does not exist. Should it be created? (y,n) y
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?> p

Paranoia configuration selected.

Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 2:1:1
Filename encoding: "nameio/block", version 3:0:1
Key Size: 256 bits
Block Size: 512 bytes, including 8 byte MAC header
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File data IV is chained to filename IV.

-------------------------- WARNING --------------------------
The external initialization-vector chaining option has been
enabled. This option disables the use of hard links on the
filesystem. Without hard links, some programs may not work.
The programs 'mutt' and 'procmail' are known to fail. For
more information, please see the encfs mailing list.
If you would like to choose another configuration setting,
please press CTRL-C now to abort and start over.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:
ROOT [tmp]$
ROOT [tmp]$ ls ddd eee
ddd:

eee:
ROOT [tmp]$ touch ddd/Aasfasfasdfasdfasfasdfasdfasdfsadfasdfasdfe ddd/Aasfasfaaasdfasdfasdfasdfasdfaa
ROOT [tmp]$ (cd ddd; ln -s Aasfasfaaasdfasdfasdfasdfasdfaa foo; ln -s Aasfasfasdfasdfasfasdfasdfasdfsadfasdfasdfe bar)
ROOT [tmp]$ ls -l ddd eee
ddd:
total 4
-rw-r--r-- 1 root root 0 Mar 13 15:31 Aasfasfaaasdfasdfasdfasdfasdfaa
-rw-r--r-- 1 root root 0 Mar 13 15:31 Aasfasfasdfasdfasfasdfasdfasdfsadfasdfasdfe
lrwxrwxrwx 1 root root 43 Mar 13 15:31 bar -> Aasfasfasdfasdfasfasdfasdfasdfsadfasdfasdfe
lrwxrwxrwx 1 root root 31 Mar 13 15:31 foo -> Aasfasfaaasdfasdfasdfasdfasdfaa

eee:
total 4
lrwxrwxrwx 1 root root 46 Mar 13 15:31 8Up7tYT0kyb1XdteMfvBp1Fd -> fp2j,G,DF2WVrekSa1Mq7EN8n,v0N,9OJQfPCwXkfES-R,
-rw-r--r-- 1 root root 0 Mar 13 15:31 fgZz9DZf05o0Ry1YTRXgjiUiiVUPVjdg0VSOMh2fPeTcAuDwi7oHk93z,5WO8QuMyg,
-rw-r--r-- 1 root root 0 Mar 13 15:31 fp2j,G,DF2WVrekSa1Mq7EN8n,v0N,9OJQfPCwXkfES-R,
lrwxrwxrwx 1 root root 67 Mar 13 15:31 uP78DTaBO7sFpEijToUJo4md -> fgZz9DZf05o0Ry1YTRXgjiUiiVUPVjdg0VSOMh2fPeTcAuDwi7oHk93z,5WO8QuMyg,
ROOT [tmp]$
ROOT [tmp]$ mkdir newdir
ROOT [tmp]$ ls newdir
ROOT [tmp]$
ROOT [tmp]$ /var/tmp/encfs-1.4.1.1/bin/encfsctl 2>&1 | grep "encfsctl version"
encfsctl version 1.4.1.1
ROOT [tmp]$ /var/tmp/encfs-1.4.1.1/bin/encfsctl export /tmp/eee /tmp/newdir
EncFS Password:
15:43:58 (DirNode.cpp:354) decode err: invalid padding size
ROOT [tmp]$
ROOT [tmp]$ ls -l newdir
total 0
-rw-r--r-- 1 root root 0 Mar 13 15:43 Aasfasfaaasdfasdfasdfasdfasdfaa
-rw-r--r-- 1 root root 0 Mar 13 15:43 Aasfasfasdfasdfasfasdfasdfasdfsadfasdfasdfe
lrwxrwxrwx 1 root root 43 Mar 13 15:43 bar -> Aasfasfasdfasdfasfasdfasdfasdfsadfasdfasdfe
ROOT [tmp]$
ROOT [tmp]$ rm -f newdir/*
ROOT [tmp]$ ls -l newdir
total 0
ROOT [tmp]$
ROOT [tmp]$ /var/tmp/encfs-1.3.2/bin/encfsctl 2>&1 | grep "encfsctl version"
encfsctl version 1.3.2
ROOT [tmp]$ /var/tmp/encfs-1.3.2/bin/encfsctl export /tmp/eee /tmp/newdir
EncFS Password:
15:44:25 (DirNode.cpp:357) decode err: invalid padding size
ROOT [tmp]$
ROOT [tmp]$ ls -l newdir
total 0
-rw-r--r-- 1 root root 0 Mar 13 15:44 Aasfasfaaasdfasdfasdfasdfasdfaa
-rw-r--r-- 1 root root 0 Mar 13 15:44 Aasfasfasdfasdfasfasdfasdfasdfsadfasdfasdfe
lrwxrwxrwx 1 root root 43 Mar 13 15:44 bar -> Aasfasfasdfasdfasfasdfasdfasdfsadfasdfasdfe
ROOT [tmp]$

version information:

ROOT [tmp]$ ldd /var/tmp/encfs-1.3.2/bin/encfsctl | egrep "(rlog|ssl|fuse)"
        librlog.so.1 => /usr/local/lib/librlog.so.1 (0x002c7000)
        libssl.so.4 => /lib/libssl.so.4 (0x00305000)
        libfuse.so.2 => /usr/local/lib/libfuse.so.2 (0x00f55000)
ROOT [tmp]$
ROOT [tmp]$ ls -l /usr/local/lib/librlog.so.1
lrwxrwxrwx 1 root root 16 Mar 12 20:55 /usr/local/lib/librlog.so.1 -> librlog.so.1.3.4
ROOT [tmp]$ ls -l /lib/libssl.so.4
lrwxrwxrwx 1 root root 16 Dec 31 00:16 /lib/libssl.so.4 -> libssl.so.0.9.7a
ROOT [tmp]$ ls -l /usr/local/lib/libfuse.so.2
lrwxrwxrwx 1 root root 16 Mar 12 23:53 /usr/local/lib/libfuse.so.2 -> libfuse.so.2.6.5
ROOT [tmp]$
ROOT [tmp]$ ldd /var/tmp/encfs-1.4.1.1/bin/encfsctl | egrep "(rlog|ssl|fuse)"
        librlog.so.1 => /usr/local/lib/librlog.so.1 (0x003e5000)
        libssl.so.4 => /lib/libssl.so.4 (0x00305000)
        libfuse.so.2 => /usr/local/lib/libfuse.so.2 (0x00a45000)
ROOT [tmp]$
ROOT [tmp]$ ls -l /usr/local/lib/librlog.so.1
lrwxrwxrwx 1 root root 16 Mar 12 20:55 /usr/local/lib/librlog.so.1 -> librlog.so.1.3.4
ROOT [tmp]$ ls -l /lib/libssl.so.4
lrwxrwxrwx 1 root root 16 Dec 31 00:16 /lib/libssl.so.4 -> libssl.so.0.9.7a
ROOT [tmp]$ ls -l /usr/local/lib/libfuse.so.2
lrwxrwxrwx 1 root root 16 Mar 12 23:53 /usr/local/lib/libfuse.so.2 -> libfuse.so.2.6.5
ROOT [tmp]$
ROOT [tmp]$ uname -r
2.6.9-67.0.4.EL
ROOT [tmp]$

giang nguyen (cauthu-hotmail) wrote :

using "cp -r /tmp/ddd /tmp/newdir" appears to be a workaround, but it is not really ideal compared to "encfsctl export"

giang nguyen (cauthu-hotmail) wrote :

fired up gdb:

ROOT [tmp]$ ls newdir/
ROOT [tmp]$ gdb --args /var/tmp/encfs-1.4.1.1/bin/encfsctl export /tmp/eee /tmp/newdir
GNU gdb Red Hat Linux (6.3.0.0-1.143.el4rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) b DirNode.cpp:354
No source file named DirNode.cpp.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (DirNode.cpp:354) pending.
(gdb) r
Starting program: /var/tmp/encfs-1.4.1.1/bin/encfsctl export /tmp/eee /tmp/newdir
[Thread debugging using libthread_db enabled]
[New Thread -1209100608 (LWP 6803)]
Breakpoint 2 at 0x2202fd: file DirNode.cpp, line 354.
Pending breakpoint "DirNode.cpp:354" resolved
EncFS Password:
[Switching to Thread -1209100608 (LWP 6803)]

Breakpoint 2, DirNode::plainPath (this=0x875a6a0, cipherPath_=0xbfe65d40 "fp2j,G,DF2WVrekSa1Mq7EN8n,v0N,9OJQfPCwXkfES-R,Dwi7oHk93z,5WO8QuMyg,") at DirNode.cpp:354
354 rError("decode err: %s", err.message());
(gdb) c
Continuing.
15:59:37 (DirNode.cpp:354) decode err: invalid padding size

Program exited normally.
(gdb) ROOT [tmp]$
ROOT [tmp]$
ROOT [tmp]$ ls eee/fp2j,G,DF2WVrekSa1Mq7EN8n,v0N,9OJQfPCwXkfES-R,
eee/fp2j,G,DF2WVrekSa1Mq7EN8n,v0N,9OJQfPCwXkfES-R,
ROOT [tmp]$ ls eee/*Dwi7*
eee/fgZz9DZf05o0Ry1YTRXgjiUiiVUPVjdg0VSOMh2fPeTcAuDwi7oHk93z,5WO8QuMyg,
ROOT [tmp]$

perhaps some buffer overrun?
the "cipherPath_=0xbfe65d40 "fp2j,G,DF2WVrekSa1Mq7EN8n,v0N,9OJQfPCwXkfES-R,Dwi7oHk93z,5WO8QuMyg,"

contains the full name of this file "fp2j,G,DF2WVrekSa1Mq7EN8n,v0N,9OJQfPCwXkfES-R,"
and then the "Dwi7oHk93z,5WO8QuMyg," belongs to the other file "fgZz9DZf05o0Ry1YTRXgjiUiiVUPVjdg0VSOMh2fPeTcAuDwi7oHk93z,5WO8QuMyg,"

Changed in encfs:
assignee: nobody → vgough
Valient Gough (vgough) wrote :

Fixed in development branch, will be in 1.4.2 release.

Changed in encfs:
status: New → Fix Committed
Valient Gough (vgough) on 2008-04-14
Changed in encfs:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers