use limited unpacker for outer key, fixes #2174 (#2790)

* use limited unpacker for outer key, fixes #2174

* fixup: higher inner key data size limit

(cherry picked from commit 9ca666907bc39d21e8a818027f9a1b5fb78b48fc)

borg/helpers.py

@@ -183,8 +183,16 @@ def get_limited_unpacker(kind):
                          object_hook=StableDict,
                          unicode_errors='surrogateescape',
                          ))
+    elif kind == 'key':
+        args.update(dict(use_list=True,  # default value
+                         max_array_len=0,  # not used
+                         max_map_len=10,  # EncryptedKey dict
+                         max_str_len=4000,  # inner key data
+                         object_hook=StableDict,
+                         unicode_errors='surrogateescape',
+                         ))
     else:
-        raise ValueError('kind must be "server", "client" or "manifest"')
+        raise ValueError('kind must be "server", "client", "manifest" or "key"')
     return msgpack.Unpacker(**args)
 
 

borg/key.py

@@ -481,7 +481,9 @@ class KeyfileKeyBase(AESKeyBase):
         return False
 
     def decrypt_key_file(self, data, passphrase):
-        d = msgpack.unpackb(data)
+        unpacker = get_limited_unpacker('key')
+        unpacker.feed(data)
+        d = unpacker.unpack()
         assert d[b'version'] == 1
         assert d[b'algorithm'] == b'sha256'
         key = passphrase.kdf(d[b'salt'], d[b'iterations'], 32)