From ca67c56222e56bc75481b3c35cd46943164edcff Mon Sep 17 00:00:00 2001
From: Jack Robison <jackrobison@lbry.io>
Date: Mon, 26 Nov 2018 14:01:14 -0500
Subject: [PATCH] catch decryption errors and verify seed is valid upon decrypt

---
 torba/client/baseaccount.py | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/torba/client/baseaccount.py b/torba/client/baseaccount.py
index c3665111c..bfa8e2637 100644
--- a/torba/client/baseaccount.py
+++ b/torba/client/baseaccount.py
@@ -309,11 +309,26 @@ class BaseAccount:
 
     def decrypt(self, password: str) -> None:
         assert self.encrypted, "Key is not encrypted."
-        self.seed, self.seed_encryption_init_vector = aes_decrypt(password, self.seed)
-        pk_string, self.private_key_encryption_init_vector = aes_decrypt(password, self.private_key_string)
-        self.private_key = from_extended_key_string(
-            self.ledger, pk_string
-        )
+        try:
+            seed, seed_iv = aes_decrypt(password, self.seed)
+            pk_string, pk_iv = aes_decrypt(password, self.private_key_string)
+        except ValueError:  # failed to remove padding, password is wrong
+            return
+        try:
+            Mnemonic().mnemonic_decode(seed)
+        except IndexError:  # failed to decode the seed, this either means it decrypted and is invalid
+                            # or that we hit an edge case where an incorrect password gave valid padding
+            return
+        try:
+            private_key = from_extended_key_string(
+                self.ledger, pk_string
+            )
+        except (TypeError, ValueError):
+            return
+        self.seed = seed
+        self.seed_encryption_init_vector = seed_iv
+        self.private_key = private_key
+        self.private_key_encryption_init_vector = pk_iv
         self.password = password
         self.encrypted = False