Merge pull request #8051 from ThomasWaldmann/corrupted-key-errmsg-1.4

better error msg for corrupted key data, fixes #8016
borgbackup · Jan 18, 2024 · 319441e · 319441e
2 parents 06f6136 + dbbccf9
commit 319441e
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/docs/internals/frontends.rst b/docs/internals/frontends.rst
@@ -603,7 +603,7 @@ Errors
         Failed to encode filename "{}" into file system encoding "{}". Consider configuring the LANG environment variable.
 
     KeyfileInvalidError rc: 40 traceback: no
-        Invalid key file for repository {} found in {}.
+        Invalid key data for repository {} found in {}.
     KeyfileMismatchError rc: 41 traceback: no
         Mismatch between repository {} and key file {}.
     KeyfileNotFoundError rc: 42 traceback: no

diff --git a/src/borg/crypto/key.py b/src/borg/crypto/key.py
@@ -72,7 +72,7 @@ class KeyfileNotFoundError(Error):
 
 
 class KeyfileInvalidError(Error):
-    """Invalid key file for repository {} found in {}."""
+    """Invalid key data for repository {} found in {}."""
     exit_mcode = 40
 
 
@@ -689,8 +689,14 @@ def load(self, target, passphrase):
         raise NotImplementedError
 
     def _load(self, key_data, passphrase):
-        cdata = binascii.a2b_base64(key_data)
-        data = self.decrypt_key_file(cdata, passphrase)
+        try:
+            key = binascii.a2b_base64(key_data)
+        except (ValueError, binascii.Error):
+            raise KeyfileInvalidError(self.repository._location.canonical_path(), "(repokey)") from None
+        if len(key) < 20:
+            # this is in no way a precise check, usually we have about 400b key data.
+            raise KeyfileInvalidError(self.repository._location.canonical_path(), "(repokey)")
+        data = self.decrypt_key_file(key, passphrase)
         if data:
             data = msgpack.unpackb(data)
             key = Key(internal_dict=data)
@@ -805,9 +811,9 @@ def sanity_check(self, filename, id):
             key_b64 = ''.join(lines[1:])
             try:
                 key = binascii.a2b_base64(key_b64)
-            except binascii.Error:
+            except (ValueError, binascii.Error):
                 logger.warning(f"borg key sanity check: key line 2+ does not look like base64. [{filename}]")
-                raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
+                raise KeyfileInvalidError(self.repository._location.canonical_path(), filename) from None
             if len(key) < 20:
                 # this is in no way a precise check, usually we have about 400b key data.
                 logger.warning(f"borg key sanity check: binary encrypted key data from key line 2+ suspiciously short."