src/bin/proxmox-backup-client.rs - restore: verify checksums

src/bin/proxmox-backup-client.rs

@@ -925,6 +925,44 @@ async fn restore_do(param: Value) -> Result<Value, Error> {
     blob.verify_crc()?;
     let backup_index_data = blob.decode(crypt_config.clone())?;
     let backup_index: Value = serde_json::from_slice(&backup_index_data[..])?;
+    let files = backup_index["files"]
+        .as_array()
+        .ok_or_else(|| format_err!("mailformed index - missing 'files' property"))?;
+
+    let verify_index_file = |name: &str, csum: &[u8; 32], size: u64| -> Result<(), Error> {
+        let info = files.iter().find(|v| {
+            match v["filename"].as_str() {
+                Some(filename) => filename == name,
+                None => false,
+            }
+        });
+
+        let info = match info {
+            None => bail!("index does not contain file '{}'", name),
+            Some(info) => info,
+        };
+
+        match info["size"].as_u64() {
+            None => bail!("index does not contain property 'size' for file '{}'", name),
+            Some(expected_size) => {
+                if expected_size != size {
+                    bail!("verify index failed - wrong size for file '{}'", name);
+                }
+            }
+        };
+
+        match info["csum"].as_str() {
+            None => bail!("index does not contain property 'csum' for file '{}'", name),
+            Some(expected_csum) => {
+                let expected_csum = &proxmox::tools::hex_to_digest(expected_csum)?;
+                if expected_csum != csum {
+                    bail!("verify index failed - wrong checksum for file '{}'", name);
+                }
+            }
+        };
+
+        Ok(())
+    };
 
     if server_archive_name == INDEX_BLOB_NAME {
         if let Some(target) = target {
@@ -962,6 +1000,11 @@ async fn restore_do(param: Value) -> Result<Value, Error> {
         let index = DynamicIndexReader::new(tmpfile)
             .map_err(|err| format_err!("unable to read dynamic index '{}' - {}", archive_name, err))?;
 
+        // Note: do not use values stored in index (not trusted) - instead, computed them again
+        let (csum, size) = index.compute_csum();
+
+        verify_index_file(&server_archive_name, &csum, size)?;
+
         let most_used = index.find_most_used_chunks(8);
 
         let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
@@ -994,6 +1037,11 @@ async fn restore_do(param: Value) -> Result<Value, Error> {
         let index = FixedIndexReader::new(tmpfile)
             .map_err(|err| format_err!("unable to read fixed index '{}' - {}", archive_name, err))?;
 
+        // Note: do not use values stored in index (not trusted) - instead, computed them again
+        let (csum, size) = index.compute_csum();
+
+        verify_index_file(&server_archive_name, &csum, size)?;
+
         let most_used = index.find_most_used_chunks(8);
 
         let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);