Keep empty files unencrypted

To work around the issue that git considers the working directory dirty when empty files are encrypted, these are kept untouched when cleaning/smudging. Security wise, this is not an issue, as you can check if an encrypted file is empty due to the deterministic encryption properties.
AGWA · Jul 13, 2020 · 17a9020 · 17a9020
1 parent 7c129cd
commit 17a9020
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/commands.cpp b/commands.cpp
@@ -770,6 +770,10 @@ int clean (int argc, const char** argv)
 		return 1;
 	}
 
+	if (file_size == 0) {
+		return 0;
+	}
+
 	// We use an HMAC of the file as the encryption nonce (IV) for CTR mode.
 	// By using a hash of the file we ensure that the encryption is
 	// deterministic so git doesn't think the file has changed when it really
@@ -887,6 +891,11 @@ int smudge (int argc, const char** argv)
 	// Read the header to get the nonce and make sure it's actually encrypted
 	unsigned char		header[10 + Aes_ctr_decryptor::NONCE_LEN];
 	std::cin.read(reinterpret_cast<char*>(header), sizeof(header));
+
+	if (std::cin.gcount() == 0) {
+		return 0;
+	}
+
 	if (std::cin.gcount() != sizeof(header) || std::memcmp(header, "\0GITCRYPT\0", 10) != 0) {
 		// File not encrypted - just copy it out to stdout
 		std::clog << "git-crypt: Warning: file not encrypted" << std::endl;