From 202104ede6cec3e811f3b8a4cdf23c2eb5981f47 Mon Sep 17 00:00:00 2001
From: Philipp Gesang <philipp.gesang@intra2net.com>
Date: Thu, 24 Aug 2017 16:48:32 +0200
Subject: [PATCH] ignore GCM tag mismatch in scan mode

Header info is assumed unreliable during rescue so a tag mismatch
must not result in a bad object.
---
 deltatar/crypto.py |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/deltatar/crypto.py b/deltatar/crypto.py
index a5d08c4..d4dd770 100755
--- a/deltatar/crypto.py
+++ b/deltatar/crypto.py
@@ -600,6 +600,8 @@ def try_decrypt (ifd, off, hdr, secret, ofd=-1):
 
     Always creates a fresh decryptor, so validation steps across objects don’t
     apply.
+
+    Errors during GCM tag validation are ignored.
     """
     ctleft = hdr ["ctsize"]
     pos    = off
@@ -625,7 +627,11 @@ def try_decrypt (ifd, off, hdr, secret, ofd=-1):
             pt     = decr.process (cnk)
             if ofd != -1:
                 os.write (ofd, pt)
-        pt = decr.done ()
+        try:
+            pt = decr.done ()
+        except InvalidGCMTag:
+            noise ("PDT: GCM tag mismatch for object %d–%d"
+                   % (off, off + hdr ["ctsize"]))
         if len (pt) > 0 and ofd != -1:
             os.write (ofd, pt)
 
-- 
1.7.1