mirror of https://github.com/borgbackup/borg.git
Merge pull request #8051 from ThomasWaldmann/corrupted-key-errmsg-1.4
better error msg for corrupted key data, fixes #8016
This commit is contained in:
commit
319441e75d
|
@ -603,7 +603,7 @@ Errors
|
|||
Failed to encode filename "{}" into file system encoding "{}". Consider configuring the LANG environment variable.
|
||||
|
||||
KeyfileInvalidError rc: 40 traceback: no
|
||||
Invalid key file for repository {} found in {}.
|
||||
Invalid key data for repository {} found in {}.
|
||||
KeyfileMismatchError rc: 41 traceback: no
|
||||
Mismatch between repository {} and key file {}.
|
||||
KeyfileNotFoundError rc: 42 traceback: no
|
||||
|
|
|
@ -72,7 +72,7 @@ class KeyfileNotFoundError(Error):
|
|||
|
||||
|
||||
class KeyfileInvalidError(Error):
|
||||
"""Invalid key file for repository {} found in {}."""
|
||||
"""Invalid key data for repository {} found in {}."""
|
||||
exit_mcode = 40
|
||||
|
||||
|
||||
|
@ -689,8 +689,14 @@ class KeyfileKeyBase(AESKeyBase):
|
|||
raise NotImplementedError
|
||||
|
||||
def _load(self, key_data, passphrase):
|
||||
cdata = binascii.a2b_base64(key_data)
|
||||
data = self.decrypt_key_file(cdata, passphrase)
|
||||
try:
|
||||
key = binascii.a2b_base64(key_data)
|
||||
except (ValueError, binascii.Error):
|
||||
raise KeyfileInvalidError(self.repository._location.canonical_path(), "(repokey)") from None
|
||||
if len(key) < 20:
|
||||
# this is in no way a precise check, usually we have about 400b key data.
|
||||
raise KeyfileInvalidError(self.repository._location.canonical_path(), "(repokey)")
|
||||
data = self.decrypt_key_file(key, passphrase)
|
||||
if data:
|
||||
data = msgpack.unpackb(data)
|
||||
key = Key(internal_dict=data)
|
||||
|
@ -805,9 +811,9 @@ class KeyfileKey(ID_HMAC_SHA_256, KeyfileKeyBase):
|
|||
key_b64 = ''.join(lines[1:])
|
||||
try:
|
||||
key = binascii.a2b_base64(key_b64)
|
||||
except binascii.Error:
|
||||
except (ValueError, binascii.Error):
|
||||
logger.warning(f"borg key sanity check: key line 2+ does not look like base64. [{filename}]")
|
||||
raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
|
||||
raise KeyfileInvalidError(self.repository._location.canonical_path(), filename) from None
|
||||
if len(key) < 20:
|
||||
# this is in no way a precise check, usually we have about 400b key data.
|
||||
logger.warning(f"borg key sanity check: binary encrypted key data from key line 2+ suspiciously short."
|
||||
|
|
Loading…
Reference in New Issue