authorChris St. Pierre <chris.a.st.pierre@gmail.com>2014-01-02 09:40:03 -0500
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2014-01-02 09:40:03 -0500
commit7520748d3644d3b92f784e6142a899dc9a3182fd (patch)
treea8410cf901267a0b32fdc0eb5e7bb396753bd9ce
parent334d210d6be5b262578e8b60e722647a25e799be (diff)
Encryption: better error message when base64 decode fails
-rwxr-xr-xsrc/lib/Bcfg2/Encryption.py11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/lib/Bcfg2/Encryption.py b/src/lib/Bcfg2/Encryption.py
index 6d16748d5..a09d652d2 100755
--- a/src/lib/Bcfg2/Encryption.py
+++ b/src/lib/Bcfg2/Encryption.py
@@ -3,6 +3,7 @@ handling encryption in Bcfg2. See :ref:`server-encryption` for more
details. """
import os
+import sys
from M2Crypto import Rand
from M2Crypto.EVP import Cipher, EVPError
from Bcfg2.Compat import StringIO, md5, b64encode, b64decode
@@ -114,7 +115,15 @@ def ssl_decrypt(data, passwd, algorithm=ALGORITHM):
:returns: string - The decrypted data
"""
# base64-decode the data
- data = b64decode(data)
+ try:
+ data = b64decode(data)
+ except TypeError:
+ # we do not include the data in the error message, because one
+ # of the common causes of this is data that claims to be
+ # encrypted but is not. we don't want to include a plaintext
+ # secret in the error logs.
+ raise TypeError("Could not decode base64 data: %s" %
+ (data, sys.exc_info()[1]))
salt = data[8:16]
# pylint: disable=E1101,E1121
hashes = [md5(passwd + salt).digest()]
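Review bot: The `raise` in the new `except` block passes the two-element tuple `(data, sys.exc_info()[1])` to a format string with a single `%s`, so the formatting itself fails with "not all arguments converted during string formatting" and the intended message is never produced. It also contradicts the comment directly above it: `data` should not be among the arguments at all, because "fixing" the formatting by adding a second `%s` would write possibly-plaintext secret material into the error log. Suggested: `raise TypeError("Could not decode base64 data: %s" % sys.exc_info()[1])`. Separately, if this module also runs on Python 3, the standard library's base64 decode failures are `binascii.Error` (a `ValueError`), which `except TypeError` would not catch; confirm what `Bcfg2.Compat.b64decode` raises there. The body of `ssl_decrypt` continues outside this hunk.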