better error msg for corrupted key data, fixes #8016

2024-01-18 23:17:51 +01:00 · 2024-01-18 23:17:51 +01:00 · 83c069ce5a
parent 2d31b027c7
commit 83c069ce5a
2 changed files with 12 additions and 6 deletions
--- a/docs/internals/frontends.rst
+++ b/docs/internals/frontends.rst
@ -628,7 +628,7 @@ Errors
        Failed to encode filename "{}" into file system encoding "{}". Consider configuring the LANG environment variable.

    KeyfileInvalidError rc: 40 traceback: no
-        Invalid key file for repository {} found in {}.
+        Invalid key data for repository {} found in {}.
    KeyfileMismatchError rc: 41 traceback: no
        Mismatch between repository {} and key file {}.
    KeyfileNotFoundError rc: 42 traceback: no
--- a/src/borg/crypto/key.py
+++ b/src/borg/crypto/key.py
@ -53,7 +53,7 @@ class KeyfileNotFoundError(Error):


 class KeyfileInvalidError(Error):
-    """Invalid key file for repository {} found in {}."""
+    """Invalid key data for repository {} found in {}."""

    exit_mcode = 40

@ -381,8 +381,14 @@ class FlexiKey:
        return key

    def _load(self, key_data, passphrase):
-        cdata = binascii.a2b_base64(key_data)
-        data = self.decrypt_key_file(cdata, passphrase)
+        try:
+            key = binascii.a2b_base64(key_data)
+        except (ValueError, binascii.Error):
+            raise KeyfileInvalidError(self.repository._location.canonical_path(), "(repokey)") from None
+        if len(key) < 20:
+            # this is in no way a precise check, usually we have about 400b key data.
+            raise KeyfileInvalidError(self.repository._location.canonical_path(), "(repokey)")
+        data = self.decrypt_key_file(key, passphrase)
        if data:
            data = msgpack.unpackb(data)
            key = Key(internal_dict=data)
@ -567,9 +573,9 @@ class FlexiKey:
            key_b64 = "".join(lines[1:])
            try:
                key = binascii.a2b_base64(key_b64)
-            except binascii.Error:
+            except (ValueError, binascii.Error):
                logger.warning(f"borg key sanity check: key line 2+ does not look like base64. [{filename}]")
-                raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
+                raise KeyfileInvalidError(self.repository._location.canonical_path(), filename) from None
            if len(key) < 20:
                # this is in no way a precise check, usually we have about 400b key data.
                logger.warning(