1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
From 62c372581b3342d6540e5c11aaea3247ee9f852c Mon Sep 17 00:00:00 2001
From: Hugo Peixoto <hugo.peixoto@gmail.com>
Date: Mon, 29 Oct 2018 19:40:18 +0000
Subject: [PATCH] Keep empty files unencrypted
To work around the issue that git considers the working directory
dirty when empty files are encrypted, these are kept untouched when
cleaning/smudging.
Security wise, this is not an issue, as you can check if an encrypted
file is empty due to the deterministic encryption properties.
Patch-Source: https://github.com/AGWA/git-crypt/issues/53
---
commands.cpp | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/commands.cpp b/commands.cpp
index 5ac0b47..a0a8d6e 100644
--- a/commands.cpp
+++ b/commands.cpp
@@ -748,6 +748,10 @@ int clean (int argc, const char** argv)
return 1;
}
+ if (file_size == 0) {
+ return 0;
+ }
+
// We use an HMAC of the file as the encryption nonce (IV) for CTR mode.
// By using a hash of the file we ensure that the encryption is
// deterministic so git doesn't think the file has changed when it really
@@ -865,6 +869,11 @@ int smudge (int argc, const char** argv)
// Read the header to get the nonce and make sure it's actually encrypted
unsigned char header[10 + Aes_ctr_decryptor::NONCE_LEN];
in.read(reinterpret_cast<char*>(header), sizeof(header));
+
+ if (in.gcount() == 0) {
+ return 0;
+ }
+
if (in.gcount() != sizeof(header) || std::memcmp(header, "\0GITCRYPT\0", 10) != 0) {
// File not encrypted - just copy it out to stdout
std::clog << "git-crypt: Warning: file not encrypted" << std::endl;
|
