summaryrefslogtreecommitdiff
path: root/internal/contentenc
diff options
context:
space:
mode:
authorJakob Unterwurzacher2017-04-24 00:25:02 +0200
committerJakob Unterwurzacher2017-04-24 00:25:02 +0200
commit3409ade2723d931097560fbbe35e461553c5912c (patch)
treec12f3eb3fa93eba352170ab597d70d6a72498ce2 /internal/contentenc
parentf1945c4daae65074cfca8f0ab5b97ac5a50c24a0 (diff)
forcedecode: tighten checks
...and fix a few golint issues and print a scary warning message on mount. Also, force the fs to ro,noexec.
Diffstat (limited to 'internal/contentenc')
-rw-r--r--internal/contentenc/content.go9
1 files changed, 5 insertions, 4 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index 9998c06..8220d89 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -86,7 +86,9 @@ func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, file
var pBlock []byte
pBlock, err = be.DecryptBlock(cBlock, firstBlockNo, fileID)
if err != nil {
- if be.forceDecode == false || (be.forceDecode == true && stupidgcm.AuthError != err) {
+ if be.forceDecode && err == stupidgcm.ErrAuth {
+ tlog.Warn.Printf("DecryptBlocks: authentication failure in block #%d, overriden by forcedecode", firstBlockNo)
+ } else {
break
}
}
@@ -139,11 +141,10 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []b
if err != nil {
tlog.Warn.Printf("DecryptBlock: %s, len=%d", err.Error(), len(ciphertextOrig))
tlog.Debug.Println(hex.Dump(ciphertextOrig))
- if be.forceDecode == true {
+ if be.forceDecode && err == stupidgcm.ErrAuth {
return plaintext, err
- } else {
- return nil, err
}
+ return nil, err
}
return plaintext, nil