From e4b65dea76c1c01663a744ea42208ab0139380e1 Mon Sep 17 00:00:00 2001
From: Thomas Waldmann
Date: Tue, 22 Mar 2022 02:26:16 +0100
Subject: [PATCH] crypto: add IV overflow check will never happen, but better play safe.
---
 src/borg/crypto/key.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/borg/crypto/key.py b/src/borg/crypto/key.py
index 4e26b5263..ab8116591 100644
--- a/src/borg/crypto/key.py
+++ b/src/borg/crypto/key.py
@@ -732,11 +732,15 @@ class AEADKeyBase(KeyBase):
 logically_encrypted = True
+ MAX_IV = 2 ** 48 - 1
+
 def encrypt(self, id, data):
 # to encrypt new data in this session we use always self.cipher and self.sessionid
 data = self.compressor.compress(data)
 reserved = b'\0'
 iv = self.cipher.next_iv()
+ if iv > self.MAX_IV: # see the data-structures docs about why the IV range is enough
+ raise IntegrityError("IV overflow, should never happen.")
 iv_48bit = iv.to_bytes(6, 'big')
 header = self.TYPE_STR + reserved + iv_48bit + self.sessionid
 return self.cipher.encrypt(data, header=header, iv=iv, aad=id)
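Review bot: The new guard in `encrypt` raises `IntegrityError` when the IV counter is exhausted, which is a local nonce-space condition rather than evidence of tampered or corrupt data. If callers treat `IntegrityError` as a corruption signal (not visible in this hunk), error handling and logs could be misleading. The bound also restates the width already fixed by `iv.to_bytes(6, 'big')` two lines further down, so a comment on the constant would keep the two tied together, e.g. `MAX_IV = 2 ** 48 - 1  # largest counter value that fits the 6-byte IV field of the header`. The diffstat shows only key.py changed, so a test that makes `next_iv()` return `2 ** 48` and asserts that `encrypt` raises before `self.cipher.encrypt` is called would pin the behaviour.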