diff options
| author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-12-13 11:48:46 -0600 |
|---|---|---|
| committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-12-13 11:48:46 -0600 |
| commit | 735b66606e25b20089b653977c23115e30170a1f (patch) | |
| tree | c214e6d0bc4de281189b39e35ae5a79ff47e2583 /src/sbin/bcfg2-crypt | |
| parent | 1209c71f57c6bc566f194598d137e3619006888f (diff) | |
| download | bcfg2-735b66606e25b20089b653977c23115e30170a1f.tar.gz bcfg2-735b66606e25b20089b653977c23115e30170a1f.tar.bz2 bcfg2-735b66606e25b20089b653977c23115e30170a1f.zip | |
bcfg2-crypt: fixed edge case where value is decrypted with the wrong key to produce gibberish
Diffstat (limited to 'src/sbin/bcfg2-crypt')
| -rwxr-xr-x | src/sbin/bcfg2-crypt | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/sbin/bcfg2-crypt b/src/sbin/bcfg2-crypt index 961a8dc58..9eab7bd29 100755 --- a/src/sbin/bcfg2-crypt +++ b/src/sbin/bcfg2-crypt @@ -355,10 +355,20 @@ class PropertiesEncryptor(Encryptor): if not crypted.text or not crypted.text.strip(): self.logger.warning("Skipping empty element %s" % crypted.tag) return crypted - crypted.text = Bcfg2.Encryption.ssl_decrypt( + decrypted = Bcfg2.Encryption.ssl_decrypt( crypted.text, passphrase, Bcfg2.Encryption.get_algorithm(self.setup)).strip() + try: + crypted.text = decrypted.encode('ascii', 'xmlcharrefreplace') + except UnicodeDecodeError: + # we managed to decrypt the value, but it contains content + # that can't even be encoded into xml entities. what + # probably happened here is that we coincidentally could + # decrypt a value encrypted with a different key, and + # wound up with gibberish. + self.logger.warning("Decrypted %s to gibberish, skipping" % + crypted.tag) return crypted |