Make sure we don't return plaintext if decryption failed

As a measure against EFAIL.
author: Christian Mollekopf <chrigi_1@fastmail.fm> 2018-05-15 09:58:40 +0200
committer: Christian Mollekopf <chrigi_1@fastmail.fm> 2018-05-15 09:58:40 +0200
commit: e6490b8d71a26a96714b070667f93656f3afb489 (patch)
tree: a5b8f59874976d187d5ea91818f9cf17acbbcaf2 /framework/src/domain/mime/crypto.cpp
parent: dd1513c38678e10383013f8c6598864708c1ee2f (diff)
download: kube-e6490b8d71a26a96714b070667f93656f3afb489.tar.gz
kube-e6490b8d71a26a96714b070667f93656f3afb489.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/framework/src/domain/mime/crypto.cpp b/framework/src/domain/mime/crypto.cpp
index 9722dba8..1b121931 100644
--- a/framework/src/domain/mime/crypto.cpp
+++ b/framework/src/domain/mime/crypto.cpp
@@ -211,6 +211,10 @@ std::pair<DecryptionResult,VerificationResult> Crypto::decryptAndVerify(CryptoPr
    auto err = gpgme_op_decrypt_verify(ctx, Data{ciphertext}.data, out);
    if (err) {
        qWarning() << "Failed to decrypt and verify" << Error{err};
+        //We make sure we don't return any plain-text if the decryption failed to prevent EFAIL
+        if (err == GPG_ERR_DECRYPT_FAILED) {
+            return std::make_pair(DecryptionResult{{}, {err}}, VerificationResult{{}, {err}});
+        }
    }
    VerificationResult verificationResult{{}, {err}};
author	Christian Mollekopf <chrigi_1@fastmail.fm>	2018-05-15 09:58:40 +0200
committer	Christian Mollekopf <chrigi_1@fastmail.fm>	2018-05-15 09:58:40 +0200
commit	e6490b8d71a26a96714b070667f93656f3afb489 (patch)
tree	a5b8f59874976d187d5ea91818f9cf17acbbcaf2 /framework/src/domain/mime/crypto.cpp
parent	dd1513c38678e10383013f8c6598864708c1ee2f (diff)
download	kube-e6490b8d71a26a96714b070667f93656f3afb489.tar.gz kube-e6490b8d71a26a96714b070667f93656f3afb489.zip