From 15855fbc5bb1c59bf9efc5221df2fb051a9d27c9 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Mon, 30 Apr 2012 10:07:29 -0400
Subject: Better error handling for crypt_data and also better password
 argument handling

---
 etc/inc/crypt.inc | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

(limited to 'etc')

diff --git a/etc/inc/crypt.inc b/etc/inc/crypt.inc
index 582a84c..8515c84 100644
--- a/etc/inc/crypt.inc
+++ b/etc/inc/crypt.inc
@@ -35,11 +35,16 @@
 	function crypt_data($val, $pass, $opt) {
 		$file = tempnam("/tmp", "php-encrypt");
 		file_put_contents("{$file}.dec", $val);
-		exec("/usr/bin/openssl enc {$opt} -aes-256-cbc -in {$file}.dec -out {$file}.enc -k {$pass}");
-		$result = file_get_contents("{$file}.enc");
-		unlink($file);
-		unlink("{$file}.dec");
-		unlink("{$file}.enc");
+		exec("/usr/bin/openssl enc {$opt} -aes-256-cbc -in {$file}.dec -out {$file}.enc -k " . escapeshellarg($pass));
+		if (file_exists("{$file}.enc"))
+			$result = file_get_contents("{$file}.enc");
+		else {
+			$result = "";
+			log_error("Failed to encrypt/decrypt data!");
+		}
+		@unlink($file);
+		@unlink("{$file}.dec");
+		@unlink("{$file}.enc");
 		return $result;
 	}
 
-- 
cgit v1.1