New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/crypto/openpgp: PromptFunction infinite loop #9315
Comments
Example code is here: https://gist.github.com/AndrewVos/2378569c32d4fbff9b49 |
I am happy to tackle this if no one else is working on it. You may assign it to me. |
@marete, feel free to send a cl (changelist); http://golang.org/doc/contribute.html |
AndrewVos: Please download and test this CL, which should fix the problem: https://go-review.googlesource.com/2570 |
@marete and @bradfitz, I think @agl fixed this issue with https://go-review.googlesource.com/#/c/14038 but since in the commit message of that CL the magic word |
Ping! |
SymmetricKeyEncrypted cached the results of decryption so, if a bad password was given, ReadMessage would prompt forever because a later, correct password wouldn't override the cached decryption. The SymmetricKeyEncrypted object can't know whether a given passphrase is correct so it should never have been a mutable object in the first place. This change makes it so that it doesn't cache anything. Fixes golang#9315 Change-Id: Ic2b75f7f60a575e2182ac7e5c5d4198597c5d0a2 Reviewed-on: https://go-review.googlesource.com/14038 Reviewed-by: Andrew Gerrand <adg@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
ReadMessage PromptFunction is called forever.
If PromptFunction returns the correct key the first time, then decryption succeeds. If, however, you return the correct key any time after the first time then decryption will never succeed and PromptFunction gets called forever.
The text was updated successfully, but these errors were encountered: