diff options
| author | Christian Mollekopf <chrigi_1@fastmail.fm> | 2018-05-15 09:58:40 +0200 |
|---|---|---|
| committer | Christian Mollekopf <chrigi_1@fastmail.fm> | 2018-05-15 09:58:40 +0200 |
| commit | e6490b8d71a26a96714b070667f93656f3afb489 (patch) | |
| tree | a5b8f59874976d187d5ea91818f9cf17acbbcaf2 /framework/src | |
| parent | dd1513c38678e10383013f8c6598864708c1ee2f (diff) | |
| download | kube-e6490b8d71a26a96714b070667f93656f3afb489.tar.gz kube-e6490b8d71a26a96714b070667f93656f3afb489.zip | |
Make sure we don't return plaintext if decryption failed
As a measure against EFAIL.
Diffstat (limited to 'framework/src')
| -rw-r--r-- | framework/src/domain/mime/crypto.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/framework/src/domain/mime/crypto.cpp b/framework/src/domain/mime/crypto.cpp index 9722dba8..1b121931 100644 --- a/framework/src/domain/mime/crypto.cpp +++ b/framework/src/domain/mime/crypto.cpp | |||
| @@ -211,6 +211,10 @@ std::pair<DecryptionResult,VerificationResult> Crypto::decryptAndVerify(CryptoPr | |||
| 211 | auto err = gpgme_op_decrypt_verify(ctx, Data{ciphertext}.data, out); | 211 | auto err = gpgme_op_decrypt_verify(ctx, Data{ciphertext}.data, out); |
| 212 | if (err) { | 212 | if (err) { |
| 213 | qWarning() << "Failed to decrypt and verify" << Error{err}; | 213 | qWarning() << "Failed to decrypt and verify" << Error{err}; |
| 214 | //We make sure we don't return any plain-text if the decryption failed to prevent EFAIL | ||
| 215 | if (err == GPG_ERR_DECRYPT_FAILED) { | ||
| 216 | return std::make_pair(DecryptionResult{{}, {err}}, VerificationResult{{}, {err}}); | ||
| 217 | } | ||
| 214 | } | 218 | } |
| 215 | 219 | ||
| 216 | VerificationResult verificationResult{{}, {err}}; | 220 | VerificationResult verificationResult{{}, {err}}; |