File holes allow large files to contain "holes" of all zero bytes, which are not saved to disk. EncFS supports these, but it determines if a file block is part of a file hole by checking if it is all zeroes. If an entire block is zeroes, it passes the zeroes on without decrypting it or verifying a MAC.
This allows an attacker to insert zero blocks inside a file (or append zero blocks to the end of the file), without being detected when MAC headers are enabled.
2.4 from audit: https://defuse.ca/audits/encfs.htm
Exploitability: High Security Impact: Low
File holes allow large files to contain "holes" of all zero bytes, which are not saved to disk. EncFS supports these, but it determines if a file block is part of a file hole by checking if it is all zeroes. If an entire block is zeroes, it passes the zeroes on without decrypting it or verifying a MAC.
This allows an attacker to insert zero blocks inside a file (or append zero blocks to the end of the file), without being detected when MAC headers are enabled.
Mirror from upstream: https://github.com/vgough/encfs/issues/11