str4d / rage

A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
https://age-encryption.org/v1
Apache License 2.0

Hard to understand error message when the identity file does not end with a \n #484

Closed douardda closed 1 week ago

douardda commented 7 months ago

Environment

What were you trying to do

Decrypt test content using the following command line:

 rage --decrypt --identity /tmp/tmpnq_roxuq --output - /tmp/encrypted.bin

with an identity file like:

$ hexdump /tmp/tmpnq_roxuq 
0000000 4741 2d45 4553 5243 5445 4b2d 5945 312d
0000010 4d4b 3636 3953 3959 3859 4747 4646 3354
0000020 5446 434a 5853 4b37 4855 4847 5a46 5343
0000030 5a50 4448 5335 3439 5a43 4639 4846 3734
0000040 3443 5341 5148 5737 4455               
000004a

(so the actual key without any trailing character)

What happened

The following error message:

$ rage --decrypt --identity /tmp/tmpnq_roxuq --output - /tmp/encrypted.bin
Error: Tried to reset after the underlying buffer was exceeded.

[ Did rage not do what you expected? Could an error be more useful? ]
[ Tell us: https://str4d.xyz/rage/report                            ]

This used to work with rage < 0.10.

Thank you

str4d commented 1 week ago

The error does go away when there is a newline present, but it also goes away when the identity file contains its usual comment header (and no trailing newline). So I think the issue is that the identity file parser, which needs to distinguish between three different possible file types (encrypted identity, SSH identity and native age identity), tries to read an entire line, and in the case of your file that results in the entire file being read, which messes with the assumptions being made about the underlying buffer being larger than the read.
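The failure mode described in the comment above, as an added example that is not rage's code and not part of the original thread: a simplified model of a reader that peeks at the first line and then rewinds. `PeekReader`, `peek_then_reset` and the 128-byte buffer are hypothetical, the model assumes a rewind is impossible once the buffer has been refilled, and the sample identities are constructed placeholders.

```rust
use std::io::{self, Read};

/// Hypothetical model of a peek-then-rewind reader (not rage's actual type).
/// Rewinding works only while every byte read so far is still in `buf`.
struct PeekReader<R: Read> {
    inner: R,
    buf: Vec<u8>,
    pos: usize,     // next unread byte in `buf`
    filled: usize,  // number of valid bytes in `buf`
    refilled: bool, // set once the first buffer contents were overwritten
}

impl<R: Read> PeekReader<R> {
    /// Read up to and including '\n', or to EOF (same contract as read_line).
    fn read_line(&mut self, out: &mut Vec<u8>) -> io::Result<()> {
        loop {
            if self.pos == self.filled {
                // No newline yet: another read is needed, and it overwrites `buf`.
                self.refilled |= self.filled > 0;
                self.filled = self.inner.read(&mut self.buf)?;
                self.pos = 0;
                if self.filled == 0 { return Ok(()); } // EOF
            }
            out.push(self.buf[self.pos]);
            self.pos += 1;
            if out.last() == Some(&b'\n') { return Ok(()); }
        }
    }

    fn reset(&mut self) -> Result<(), &'static str> {
        if self.refilled { return Err("buffer exceeded, cannot rewind"); }
        self.pos = 0;
        Ok(())
    }
}

/// Peek at the first line of `data`, then rewind for the real parser.
fn peek_then_reset(data: &[u8]) -> Result<Vec<u8>, &'static str> {
    let mut r = PeekReader { inner: data, buf: vec![0; 128], pos: 0, filled: 0, refilled: false };
    let mut line = Vec::new();
    r.read_line(&mut line).map_err(|_| "read failed")?;
    r.reset().map(|_| line)
}

fn main() {
    // Constructed samples with placeholder key text, not real identities.
    let samples: [&[u8]; 3] = [b"AGE-SECRET-KEY-1EXAMPLE", b"AGE-SECRET-KEY-1EXAMPLE\n", b"# created: test\nAGE-SECRET-KEY-1EXAMPLE"];
    for s in samples { println!("{:?}", peek_then_reset(s).map(|l| l.len())); }
}
```

In this model the file without a trailing newline is the only one that fails: the line read has to hit EOF to know the line is over, and that extra read is what invalidates the rewind.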