From 3409ade2723d931097560fbbe35e461553c5912c Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Mon, 24 Apr 2017 00:25:02 +0200 Subject: forcedecode: tighten checks ...and fix a few golint issues and print a scary warning message on mount. Also, force the fs to ro,noexec. --- internal/contentenc/content.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'internal/contentenc') diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index 9998c06..8220d89 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -86,7 +86,9 @@ func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, file var pBlock []byte pBlock, err = be.DecryptBlock(cBlock, firstBlockNo, fileID) if err != nil { - if be.forceDecode == false || (be.forceDecode == true && stupidgcm.AuthError != err) { + if be.forceDecode && err == stupidgcm.ErrAuth { + tlog.Warn.Printf("DecryptBlocks: authentication failure in block #%d, overriden by forcedecode", firstBlockNo) + } else { break } } @@ -139,11 +141,10 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []b if err != nil { tlog.Warn.Printf("DecryptBlock: %s, len=%d", err.Error(), len(ciphertextOrig)) tlog.Debug.Println(hex.Dump(ciphertextOrig)) - if be.forceDecode == true { + if be.forceDecode && err == stupidgcm.ErrAuth { return plaintext, err - } else { - return nil, err } + return nil, err } return plaintext, nil -- cgit v1.2.3