From 7042bafea5febb54bb9590c7cd9d8869899cfa71 Mon Sep 17 00:00:00 2001 From: Michael Eischer Date: Tue, 31 Mar 2020 14:50:30 +0200 Subject: [PATCH] prune: Abort repacking when a pack contains a wrong blob If a blob in a pack file can be decrypted successfully but contains data that results in a different hash than stated in the header pack, then abort repacking. As both the pack header and the blob are cryptographically verified this either means than a malicious entity tampered with the backup or indicates hardware problems on the client. prune should fail with an error in both cases. --- internal/repository/repack.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/internal/repository/repack.go b/internal/repository/repack.go index 8fde5dd72..1d8426e48 100644 --- a/internal/repository/repack.go +++ b/internal/repository/repack.go @@ -2,8 +2,6 @@ package repository import ( "context" - "fmt" - "os" "github.com/restic/restic/internal/debug" "github.com/restic/restic/internal/errors" @@ -85,7 +83,7 @@ func Repack(ctx context.Context, repo restic.Repository, packs restic.IDSet, kee if !id.Equal(entry.ID) { debug.Log("read blob %v/%v from %v: wrong data returned, hash is %v", h.Type, h.ID, tempfile.Name(), id) - fmt.Fprintf(os.Stderr, "read blob %v from %v: wrong data returned, hash is %v", + return nil, errors.Errorf("read blob %v from %v: wrong data returned, hash is %v", h, tempfile.Name(), id) }