@@ -8,7 +8,7 @@ use std::fs::File;
use std::io::Read;
use std::ops::{Deref, DerefMut};
use std::os::fd::{AsFd, AsRawFd, FromRawFd};
-use std::panic::Location;
+use std::panic::{AssertUnwindSafe, Location};
use std::rc::Weak;
use std::{
path::{Path, PathBuf},
@@ -23,7 +23,7 @@ use async_task::Runnable;
use calloop::channel::Channel;
use calloop::{EventLoop, LoopHandle, LoopSignal};
use flume::{Receiver, Sender};
-use futures::channel::oneshot;
+use futures::{channel::oneshot, future::FutureExt};
use parking_lot::Mutex;
use util::ResultExt;
@@ -489,7 +489,12 @@ impl<P: LinuxClient + 'static> Platform for P {
let username = attributes
.get("username")
.ok_or_else(|| anyhow!("Cannot find username in stored credentials"))?;
- let secret = item.secret().await?;
+ // oo7 panics if the retrieved secret can't be decrypted due to
+ // unexpected padding.
+ let secret = AssertUnwindSafe(item.secret())
+ .catch_unwind()
+ .await
+ .map_err(|_| anyhow!("oo7 panicked while trying to read credentials"))??;
// we lose the zeroizing capabilities at this boundary,
// a current limitation GPUI's credentials api