diff options
author | Jakob Unterwurzacher | 2017-04-24 00:25:02 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2017-04-24 00:25:02 +0200 |
commit | 3409ade2723d931097560fbbe35e461553c5912c (patch) | |
tree | c12f3eb3fa93eba352170ab597d70d6a72498ce2 /internal/contentenc | |
parent | f1945c4daae65074cfca8f0ab5b97ac5a50c24a0 (diff) |
forcedecode: tighten checks
...and fix a few golint issues and print a scary warning message on mount.
Also, force the fs to ro,noexec.
Diffstat (limited to 'internal/contentenc')
-rw-r--r-- | internal/contentenc/content.go | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index 9998c06..8220d89 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -86,7 +86,9 @@ func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, file var pBlock []byte pBlock, err = be.DecryptBlock(cBlock, firstBlockNo, fileID) if err != nil { - if be.forceDecode == false || (be.forceDecode == true && stupidgcm.AuthError != err) { + if be.forceDecode && err == stupidgcm.ErrAuth { + tlog.Warn.Printf("DecryptBlocks: authentication failure in block #%d, overriden by forcedecode", firstBlockNo) + } else { break } } @@ -139,11 +141,10 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []b if err != nil { tlog.Warn.Printf("DecryptBlock: %s, len=%d", err.Error(), len(ciphertextOrig)) tlog.Debug.Println(hex.Dump(ciphertextOrig)) - if be.forceDecode == true { + if be.forceDecode && err == stupidgcm.ErrAuth { return plaintext, err - } else { - return nil, err } + return nil, err } return plaintext, nil |