Opened 14 years ago

Closed 12 years ago

Last modified 13 years ago

#196 closed defect (fixed)

Better error-handling for unreadable encryption key files

Reported by: rjl Owned by: dmorton
Priority: normal Milestone: 1.0.2
Component: amavisd-maia Version: 1.0.0 RC5
Severity: normal Keywords: blowfish encryption permissions
Cc:

Description

If the Blowfish key file (typically blowfish.key) is present but unreadable (e.g. for permissions reasons), amavisd-maia ends up using a null key by mistake. The read_config() portion of amavisd-maia needs to be amended to undefine $key_file in that situation to disable encryption, and log a warning message.

Change History (5)

comment:1 Changed 13 years ago by dmorton

  • Milestone 1.0.0 RC6 deleted

comment:2 Changed 13 years ago by rjl

  • Milestone set to 1.0.2
  • patch set to 0

comment:3 Changed 13 years ago by rjl

  • Status changed from new to assigned

comment:4 Changed 12 years ago by dmorton

  • Owner changed from rjl to dmorton
  • Status changed from assigned to new

I have had $key_file = ""; forever and no problem... commenting out the

line is ok too.

However, a missing key file is probably something that should be fatal, so I'm adding a die() to the config code. If encryption is truly needed, then we should not proceed any further.

comment:5 Changed 12 years ago by dmorton

  • Resolution set to fixed
  • Status changed from new to closed

[1132] made fatal error if file cannot open, and changed default value to

be commented out.

Note: See TracTickets for help on using tickets.