From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Wed, 6 Jul 2016 10:11:50 +0000 (+0300)
Subject: lib-dcrypt: Set stream_errno on istream-decrypt read failures.
X-Git-Tag: 2.2.26~498
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e16a00aeb29f855b31856e3e032bac5ad2a5764b;p=thirdparty%2Fdovecot%2Fcore.git

lib-dcrypt: Set stream_errno on istream-decrypt read failures.

Fixes assert-crashes that would happen otherwise.
---

diff --git a/src/lib-dcrypt/istream-decrypt.c b/src/lib-dcrypt/istream-decrypt.c
index ae39d0d5ab..d04b53ffb6 100644
--- a/src/lib-dcrypt/istream-decrypt.c
+++ b/src/lib-dcrypt/istream-decrypt.c
@@ -734,6 +734,7 @@ i_stream_decrypt_read(struct istream_private *stream)
 				    data, decrypt_size, &error)) {
 					io_stream_set_error(&stream->iostream,
 						"MAC error: %s", error);
+					stream->istream.stream_errno = EINVAL;
 					return -1;
 				}
 			}
@@ -747,10 +748,13 @@ i_stream_decrypt_read(struct istream_private *stream)
 				if (!dcrypt_ctx_hmac_final(dstream->ctx_mac, &db, &error)) {
 					io_stream_set_error(&stream->iostream,
 						"Cannot verify MAC: %s", error);
+					stream->istream.stream_errno = EINVAL;
+					return -1;
 				}
 				if (memcmp(dgst, data + decrypt_size, dcrypt_ctx_hmac_get_digest_length(dstream->ctx_mac)) != 0) {
 					io_stream_set_error(&stream->iostream,
 						"Cannot verify MAC: mismatch");
+					stream->istream.stream_errno = EINVAL;
 					return -1;
 				}
 			} else if ((dstream->flags & IO_STREAM_ENC_INTEGRITY_AEAD) == IO_STREAM_ENC_INTEGRITY_AEAD) {