Bug 96261 - FILEOPEN: Calc warns of a “corrupt file” when the real error is a mistyped password
Summary: FILEOPEN: Calc warns of a “corrupt file” when the real error is a mistyped pa...
Status: RESOLVED DUPLICATE of bug 89236
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Calc (show other bugs)
Version:
(earliest affected)
5.0.2.2 release
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
: 97912 (view as bug list)
Depends on:
Blocks:
 
Reported: 2015-12-05 07:35 UTC by paulparker
Modified: 2016-04-05 13:53 UTC (History)
7 users (show)

See Also:
Crash report or crash signature:

Attachments
broken test file, password is "p" (26.51 KB, application/vnd.oasis.opendocument.spreadsheet)
2016-02-27 14:42 UTC, Matúš Kukan 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description paulparker 2015-12-05 07:35:33 UTC 
When opening password-protected calc file then mistype password am seeing this ERROR message:    

    **The file 'Deleted.ods' is corrupt and therefore cannot be opened. LibreOffice can try to repair the file.
The corruption could be the result of document manipulation or of structural document damage due to data transmission.
We recommend that you do not trust the content of the repaired document.
Execution of macros is disabled for this document.
Should LibreOffice repair the file?**

Attempt to repair the file may or may not work. 
Self restored from BackUp copies a few times, suspected then realized ERROR was NOT corrupt file, rather mistyped password error.  

ERROR consistent when type an incorrect password,  then when type carefully file opens OK. 

If the message CORRUPT FILE correct, then is misleading whilst message PASSWORD FAILED would be closer to the problem.  

Can libreoffice identify these as different errors ? 




This happening since recently upgraded libreoffice  to:  
Name: libreoffice
Version: 5.0.2.2-1.2
Arch: x86_64
Vendor: openSUSE
Installed: Yes
Status: up-to-date
Comment 1 Joel Madero 2015-12-05 16:08:36 UTC 
Bodhi Moksha
LibreOffice 5.0.2.2

No problem - correct dialog comes up indicating password is wrong.

Does this happen on a brand new document for you? Can you attach a sample?
Comment 2 raal 2015-12-05 17:20:11 UTC 
Hello,
is it duplicate of bug 89236?
Comment 3 paulparker 2015-12-06 04:12:20 UTC 
(In reply to raal from comment #2)
> Hello,
> is it duplicate of bug 89236?

Seems to be a duplicate of bug89236. 

Why see returned "you can try to repair the file" and not a password incorrect message is the puzzle.
Comment 4 paulparker 2015-12-06 04:25:33 UTC 
(In reply to paulparker from comment #3)
> (In reply to raal from comment #2)
> > Hello,
> > is it duplicate of bug 89236?
> 
> Seems to be a duplicate of bug89236. 
> 
> Why see returned "you can try to repair the file" and not a password
> incorrect message is the puzzle.

Sent without this: 

While similar to bug 89235, not sure same, as appears to be INCORRECT password generating incorrect response.

Changing subject from FILEOPEN to FILESAVE not appear related, as problem found when doing FILEOPEN.   

Will check for lock files  [eg .~lock.DELETED.ods# ] for a while.
Comment 5 Maxim Monastirsky 2015-12-06 08:53:44 UTC 
Please attach the document that shows this behavior. We can't proceed with this bug report otherwise.
Comment 6 Maxim Monastirsky 2016-02-17 11:59:37 UTC 
*** Bug 97912 has been marked as a duplicate of this bug. ***
Comment 7 Matúš Kukan 2016-02-27 14:42:43 UTC 
Created attachment 123039 [details]
broken test file, password is "p"

It can be seen with attached file, which is document from bug 89236 attachment 113239 [details] saved with LibreOffice 5.0.4.2. Password is "p".
Comment 8 Matúš Kukan 2016-02-27 14:55:05 UTC 
The problem is that the file is indeed corrupt - saved with buggy LibreOffice version. And the corruption is in that we can't detect password correctness ;)

We can just try to decrypt file and
- if the password was correct, it just works :)
- if the password was wrong, we get nonsense data and LibreOffice complains about "corrupt file". But we can't know if the data was meant to be wrong or it's just because of wrong password used.

So, I am afraid there is not much we can do here.
Comment 9 paulparker 2016-02-27 23:40:49 UTC 
IMHO required is change to "Error Message" to ensure WARN users result "Either Corrupt File OR Incorrect Password"   

Reminds users ensure used correct password, in case of typo's.
Comment 10 Joel Madero 2016-02-28 01:17:21 UTC 
(In reply to paulparker from comment #9)
> IMHO required is change to "Error Message" to ensure WARN users result
> "Either Corrupt File OR Incorrect Password"   
> 
> Reminds users ensure used correct password, in case of typo's.

Part of me wonders if this is actually worse. What if someone is trying to guess your password - having a generic error message is IMHO better at dissuading such people from continuing to guess. Once it says "incorrect password" the potential breacher knows it's just a matter of guessing more (vs. the file being corrupted and thus they give up)....
Comment 11 paulparker 2016-02-28 02:59:43 UTC 
Acknowledge it may be worse...  IMHO those not so technical may need the hint.

Technical not nice hackers may assume every error just an incorrect password and keep working on it.


.
Comment 12 Harald Koester 2016-04-05 13:53:26 UTC 
The bug has already been produced during saving of the document. Meanwhile this bug has been fixed (bug 89236) for the versions 5.0.5 and 5.1.0. If you open the test file with these versions, change it a bit, close it and reopen it again with a wrong password, the message is now correct.

*** This bug has been marked as a duplicate of bug 89236 ***