aboutsummaryrefslogtreecommitdiffstats
path: root/testing/git-crypt/0002-keep-empty-files-unencrypted.patch
blob: d0e490bfd85f600d0ef43326c9f5dd9b47eefb9a (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
From 62c372581b3342d6540e5c11aaea3247ee9f852c Mon Sep 17 00:00:00 2001
From: Hugo Peixoto <hugo.peixoto@gmail.com>
Date: Mon, 29 Oct 2018 19:40:18 +0000
Subject: [PATCH] Keep empty files unencrypted

To work around the issue that git considers the working directory
dirty when empty files are encrypted, these are kept untouched when
cleaning/smudging.

Security wise, this is not an issue, as you can check if an encrypted
file is empty due to the deterministic encryption properties.

Patch-Source: https://github.com/AGWA/git-crypt/issues/53
---
 commands.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/commands.cpp b/commands.cpp
index 5ac0b47..a0a8d6e 100644
--- a/commands.cpp
+++ b/commands.cpp
@@ -748,6 +748,10 @@ int clean (int argc, const char** argv)
 		return 1;
 	}
 
+	if (file_size == 0) {
+		return 0;
+	}
+
 	// We use an HMAC of the file as the encryption nonce (IV) for CTR mode.
 	// By using a hash of the file we ensure that the encryption is
 	// deterministic so git doesn't think the file has changed when it really
@@ -865,6 +869,11 @@ int smudge (int argc, const char** argv)
 	// Read the header to get the nonce and make sure it's actually encrypted
 	unsigned char		header[10 + Aes_ctr_decryptor::NONCE_LEN];
 	in.read(reinterpret_cast<char*>(header), sizeof(header));
+
+	if (in.gcount() == 0) {
+		return 0;
+	}
+
 	if (in.gcount() != sizeof(header) || std::memcmp(header, "\0GITCRYPT\0", 10) != 0) {
 		// File not encrypted - just copy it out to stdout
 		std::clog << "git-crypt: Warning: file not encrypted" << std::endl;