Posted to commits@couchdb.apache.org by rn...@apache.org on 2020/08/25 17:19:54 UTC

[couchdb] 01/01: Clear sensitive flag at end of public api functions

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch aegis-sensitive-false
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 340f3e9c714f3e15a00af038d81963e3e47bb45e
Author: Robert Newson <rn...@apache.org>
AuthorDate: Tue Aug 25 18:18:45 2020 +0100

    Clear sensitive flag at end of public api functions
---
 src/aegis/src/aegis_server.erl | 50 ++++++++++++++++++++++++++----------------
 1 file changed, 31 insertions(+), 19 deletions(-)

diff --git a/src/aegis/src/aegis_server.erl b/src/aegis/src/aegis_server.erl
index 2193262..eb635eb 100644
--- a/src/aegis/src/aegis_server.erl
+++ b/src/aegis/src/aegis_server.erl
@@ -60,25 +60,31 @@ start_link() ->
 -spec init_db(Db :: #{}, Options :: list()) -> boolean().
 init_db(#{uuid := UUID} = Db, Options) ->
     process_flag(sensitive, true),
-
-    case ?AEGIS_KEY_MANAGER:init_db(Db, Options) of
-        {ok, DbKey} ->
-            gen_server:call(?MODULE, {insert_key, UUID, DbKey}),
-            true;
-        false ->
-            false
+    try
+        case ?AEGIS_KEY_MANAGER:init_db(Db, Options) of
+            {ok, DbKey} ->
+                gen_server:call(?MODULE, {insert_key, UUID, DbKey}),
+                true;
+            false ->
+                false
+        end
+    after
+        process_flag(sensitive, false)
     end.
 
 
 -spec open_db(Db :: #{}) -> boolean().
 open_db(#{} = Db) ->
     process_flag(sensitive, true),
-
-    case do_open_db(Db) of
-        {ok, _DbKey} ->
-            true;
-        false ->
-            false
+    try
+        case do_open_db(Db) of
+            {ok, _DbKey} ->
+                true;
+            false ->
+                false
+        end
+    after
+        process_flag(sensitive, false)
     end.
 
 
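Review bot: Each `after` block sets the flag to `false` unconditionally instead of restoring the value that was in effect before the call. A caller that had already marked itself sensitive therefore leaves init_db or open_db with that protection switched off. `process_flag/2` returns the previous value, so the pair can be written as `Prev = process_flag(sensitive, true),` before the `try` and `process_flag(sensitive, Prev)` in the `after`. The same applies to the `after` blocks added to encrypt and decrypt in the two later hunks.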
@@ -101,9 +107,12 @@ encrypt(#{} = Db, Key, Value) when is_binary(Key), is_binary(Value) ->
             end;
         false ->
             process_flag(sensitive, true),
-
-            {ok, DbKey} = do_open_db(Db),
-            do_encrypt(DbKey, Db, Key, Value)
+            try
+                {ok, DbKey} = do_open_db(Db),
+                do_encrypt(DbKey, Db, Key, Value)
+            after
+                process_flag(sensitive, false)
+            end
     end.
 
 
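Review bot: The `after` in encrypt clears the flag, but an exception raised inside the `try` still reaches the caller with its reason and stacktrace intact, and the sensitive flag does not scrub those. `do_encrypt/4` is not visible here; if it can fail with a `function_clause` error, the first stacktrace frame carries the argument list, `DbKey` included, into whatever crash report the caller produces. It is worth confirming that no failure path puts the key into an exception term, or else converting failures at this boundary into a reason without arguments. The same applies to decrypt in the next hunk and to the `gen_server:call/2` in init_db, whose exit reason on timeout includes the `{insert_key, UUID, DbKey}` request. The body of encrypt starts above this hunk, so the other branch of the `case` was not reviewed.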
@@ -126,9 +135,12 @@ decrypt(#{} = Db, Key, Value) when is_binary(Key), is_binary(Value) ->
             end;
         false ->
             process_flag(sensitive, true),
-
-            {ok, DbKey} = do_open_db(Db),
-            do_decrypt(DbKey, Db, Key, Value)
+            try
+                {ok, DbKey} = do_open_db(Db),
+                do_decrypt(DbKey, Db, Key, Value)
+            after
+                process_flag(sensitive, false)
+            end
     end.