From 61540eca4e955be4753fa7d01b2511ac33be52dd Mon Sep 17 00:00:00 2001
From: Brendan McMillion <brendan@cloudflare.com>
Date: Fri, 13 Nov 2015 16:19:41 -0800
Subject: [PATCH] Bug fixes from code audit. - Catch ignored error. - Make sure
 that key data exists in the EncryptedData object as well as in the key cache.

---
 cryptor/cryptor.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/cryptor/cryptor.go b/cryptor/cryptor.go
index b749e87..662aa57 100644
--- a/cryptor/cryptor.go
+++ b/cryptor/cryptor.go
@@ -68,8 +68,11 @@ func (u UserDatabase) ValidUser(name string) bool {
 }
 
 func (u UserDatabase) CanGetShare(name string) bool {
-	_, _, ok := u.cache.MatchUser(name, u.user, u.labels)
-	return ok
+	_, _, ok1 := u.cache.MatchUser(name, u.user, u.labels)
+	_, ok2 := u.shareSet[name]
+	_, ok3 := u.keySet[name]
+
+	return ok1 && ok2 && ok3
 }
 
 func (u UserDatabase) GetShare(name string) ([][]byte, error) {
@@ -355,6 +358,9 @@ func (encrypted *EncryptedData) wrapKey(records *passvault.Records, clearKey []b
 
 		for name, _ := range shareSet {
 			encrypted.KeySetRSA[name], err = generateRandomKey(name)
+			if err != nil {
+				return err
+			}
 			crypt, err := aes.NewCipher(encrypted.KeySetRSA[name].aesKey)
 			if err != nil {
 				return err