Details
-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
Lustre 2.15.0
-
None
-
3
-
9223372036854775807
Description
With fscrypt passing binary names to the underlying ldiskfs storage, the lookup API should be passing the length of the key through the DT index API instead of calling strlen() on the string, otherwise this may incorrectly process keys with embedded NUL bytes.
Attachments
Issue Links
- is related to
-
LU-13717 Client-side encryption - support file name encryption
-
- Resolved
-
Actually, in order to avoid this large change in the DT index API as part of the
LU-13717series, I had decided to critical encode the names of encrypted files passed from client to server. This escapes NULL, LF, CR, /, DEL and = characters, so that using strlen is safe.So the code is sane as it is today. But passing the length of the key through the DT index API instead of calling strlen on the string seems to be a better longer term option. And that would avoid the need to critical encode names on client side before the request is sent, just to critical decode those names on server side upon request receive. Unless the ptlrpc layer requires buffers put in the requests to be nul terminated?