From 5d2c83a7e9131648770c7ed4d2f6e67ab44e22bb Mon Sep 17 00:00:00 2001
From: Simon Frei <freisim93@gmail.com>
Date: Mon, 23 Nov 2020 18:37:27 +0100
Subject: [PATCH] lib/protocol: Fix OOR panic on recv-only folders (#7143)

---
 lib/protocol/encryption.go      |  7 ++++++-
 lib/protocol/encryption_test.go | 23 +++++++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/lib/protocol/encryption.go b/lib/protocol/encryption.go
index ca5e4fce3..e83e887ae 100644
--- a/lib/protocol/encryption.go
+++ b/lib/protocol/encryption.go
@@ -542,6 +542,11 @@ func isEncryptedParentFromComponents(pathComponents []string) bool {
 		return false
 	} else if l == 2 && len(pathComponents[1]) != 2 {
 		return false
+	} else if l == 0 {
+		return false
 	}
-	return pathComponents[0][1:1+len(encryptedDirExtension)] == encryptedDirExtension
+	if len(pathComponents[0]) == 0 {
+		return false
+	}
+	return pathComponents[0][1:] == encryptedDirExtension
 }
diff --git a/lib/protocol/encryption_test.go b/lib/protocol/encryption_test.go
index 5da7739b0..8357ed0e4 100644
--- a/lib/protocol/encryption_test.go
+++ b/lib/protocol/encryption_test.go
@@ -95,3 +95,26 @@ func TestEnDecryptFileInfo(t *testing.T) {
 		t.Error("mismatch after decryption")
 	}
 }
+
+func TestIsEncryptedParent(t *testing.T) {
+	cases := []struct {
+		path string
+		is   bool
+	}{
+		{"", false},
+		{".", false},
+		{"/", false},
+		{"12" + encryptedDirExtension, false},
+		{"1" + encryptedDirExtension, true},
+		{"1" + encryptedDirExtension + "/b", false},
+		{"1" + encryptedDirExtension + "/bc", true},
+		{"1" + encryptedDirExtension + "/bcd", false},
+		{"1" + encryptedDirExtension + "/bc/foo", false},
+		{"1.12/22", false},
+	}
+	for _, tc := range cases {
+		if res := IsEncryptedParent(tc.path); res != tc.is {
+			t.Errorf("%v: got %v, expected %v", tc.path, res, tc.is)
+		}
+	}
+}