|
|
@@ -53,7 +53,7 @@ class KeyfileNotFoundError(Error):
|
|
|
|
|
|
|
|
|
class KeyfileInvalidError(Error):
|
|
|
- """Invalid key file for repository {} found in {}."""
|
|
|
+ """Invalid key data for repository {} found in {}."""
|
|
|
|
|
|
exit_mcode = 40
|
|
|
|
|
|
@@ -381,8 +381,14 @@ class FlexiKey:
|
|
|
return key
|
|
|
|
|
|
def _load(self, key_data, passphrase):
|
|
|
- cdata = binascii.a2b_base64(key_data)
|
|
|
- data = self.decrypt_key_file(cdata, passphrase)
|
|
|
+ try:
|
|
|
+ key = binascii.a2b_base64(key_data)
|
|
|
+ except (ValueError, binascii.Error):
|
|
|
+ raise KeyfileInvalidError(self.repository._location.canonical_path(), "(repokey)") from None
|
|
|
+ if len(key) < 20:
|
|
|
+ # this is in no way a precise check, usually we have about 400b key data.
|
|
|
+ raise KeyfileInvalidError(self.repository._location.canonical_path(), "(repokey)")
|
|
|
+ data = self.decrypt_key_file(key, passphrase)
|
|
|
if data:
|
|
|
data = msgpack.unpackb(data)
|
|
|
key = Key(internal_dict=data)
|
|
|
@@ -567,9 +573,9 @@ class FlexiKey:
|
|
|
key_b64 = "".join(lines[1:])
|
|
|
try:
|
|
|
key = binascii.a2b_base64(key_b64)
|
|
|
- except binascii.Error:
|
|
|
+ except (ValueError, binascii.Error):
|
|
|
logger.warning(f"borg key sanity check: key line 2+ does not look like base64. [{filename}]")
|
|
|
- raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
|
|
|
+ raise KeyfileInvalidError(self.repository._location.canonical_path(), filename) from None
|
|
|
if len(key) < 20:
|
|
|
# this is in no way a precise check, usually we have about 400b key data.
|
|
|
logger.warning(
|
Thomas Waldmann