From: Christian Ebner <c.ebner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup] sync: pull: fix double blob decoding when decrypting
Date: Sat, 25 Apr 2026 12:10:15 +0200 [thread overview]
Message-ID: <20260425101015.437816-1-c.ebner@proxmox.com> (raw)
Commit 2f94320db ("sync: pull: decrypt blob files on pull if
encryption key is configured") introduced the logic to decrypt
encrypted data blob contents from the source on the fly when pulling
with a matching decryption key.
This however incorrectly performs a double blob decoding, as the
DataBlobReader already checks and strips the header while reading the
raw data from file, the DataBlob::load_from_reader() therefore
chocking when trying to check the now missing header.
Fix this by fully relying on the DataBlobReader to check, decode and
decrypt the blob, and add the still missing finish() call to verify
the reader state after decoding. Only then construct the new
decrypted blob and pass individual slices for checksum calculation
and writing to file, as the former consumes the slice.
Reported-by: Markus Frank <m.frank@proxmox.com>
Reported-by: Erik Fastermann <e.fastermann@proxmox.com>
Reported-by: Shan Shaji <s.shaji@proxmox.com>
Reported-by: Dominik Csapak <d.csapak@proxmox.com>
Fixes: 2f94320db ("sync: pull: decrypt blob files on pull if encryption key is configured")
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
src/server/pull.rs | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/server/pull.rs b/src/server/pull.rs
index b4882718e..67ab70348 100644
--- a/src/server/pull.rs
+++ b/src/server/pull.rs
@@ -2,7 +2,7 @@
use std::collections::hash_map::Entry;
use std::collections::{HashMap, HashSet};
-use std::io::{BufReader, Seek};
+use std::io::{Read, Seek};
use std::os::fd::AsRawFd;
use std::sync::atomic::{AtomicU64, AtomicUsize, Ordering};
use std::sync::{Arc, Mutex};
@@ -582,12 +582,15 @@ async fn pull_single_archive<'a>(
let (csum, size) = tokio::task::spawn_blocking(move || {
// must rewind again since after verifying cursor is at the end of the file
tmpfile.rewind()?;
- let mut reader = BufReader::new(DataBlobReader::new(tmpfile, crypt_config)?);
- let blob = DataBlob::load_from_reader(&mut reader)?;
- let mut raw_blob = blob.raw_data();
+ let mut reader = DataBlobReader::new(tmpfile, crypt_config)?;
+ let mut dec_raw_data = Vec::new();
+ reader.read_to_end(&mut dec_raw_data)?;
+ reader.finish()?;
- let (csum, size) = sha256(&mut raw_blob)?;
- replace_file(tmp_dec_path, raw_blob, CreateOptions::new(), true)?;
+ let blob = DataBlob::encode(&dec_raw_data, None, true)?;
+
+ let (csum, size) = sha256(&mut blob.raw_data())?;
+ replace_file(tmp_dec_path, blob.raw_data(), CreateOptions::new(), true)?;
Ok((csum, size))
})
.await?
--
2.47.3
next reply other threads:[~2026-04-25 10:10 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-25 10:10 Christian Ebner [this message]
2026-04-25 12:02 ` applied: " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260425101015.437816-1-c.ebner@proxmox.com \
--to=c.ebner@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox