From 62c372581b3342d6540e5c11aaea3247ee9f852c Mon Sep 17 00:00:00 2001 From: Hugo Peixoto Date: Mon, 29 Oct 2018 19:40:18 +0000 Subject: [PATCH] Keep empty files unencrypted To work around the issue that git considers the working directory dirty when empty files are encrypted, these are kept untouched when cleaning/smudging. Security wise, this is not an issue, as you can check if an encrypted file is empty due to the deterministic encryption properties. Patch-Source: https://github.com/AGWA/git-crypt/issues/53 --- commands.cpp | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/commands.cpp b/commands.cpp index 5ac0b47..a0a8d6e 100644 --- a/commands.cpp +++ b/commands.cpp @@ -748,6 +748,10 @@ int clean (int argc, const char** argv) return 1; } + if (file_size == 0) { + return 0; + } + // We use an HMAC of the file as the encryption nonce (IV) for CTR mode. // By using a hash of the file we ensure that the encryption is // deterministic so git doesn't think the file has changed when it really @@ -865,6 +869,11 @@ int smudge (int argc, const char** argv) // Read the header to get the nonce and make sure it's actually encrypted unsigned char header[10 + Aes_ctr_decryptor::NONCE_LEN]; in.read(reinterpret_cast(header), sizeof(header)); + + if (in.gcount() == 0) { + return 0; + } + if (in.gcount() != sizeof(header) || std::memcmp(header, "\0GITCRYPT\0", 10) != 0) { // File not encrypted - just copy it out to stdout std::clog << "git-crypt: Warning: file not encrypted" << std::endl;