From d2c47b383762f5510badcf7f12c9295331fca4da Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Tue, 24 Nov 2020 22:09:15 +0100
Subject: [PATCH] pbs add/update: do basic key value validation

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 PVE/Storage/PBSPlugin.pm | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/PVE/Storage/PBSPlugin.pm b/PVE/Storage/PBSPlugin.pm
index e046e99..3e66bfc 100644
--- a/PVE/Storage/PBSPlugin.pm
+++ b/PVE/Storage/PBSPlugin.pm
@@ -391,9 +391,14 @@ sub on_add_hook {
     }
 
     if (defined(my $encryption_key = $param{'encryption-key'})) {
+	my $decoded_key;
 	if ($encryption_key eq 'autogen') {
 	    $res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
 	} else {
+	    $decoded_key = eval { decode_json($encryption_key) };
+	    if ($@ || !exists($decoded_key->{data})) {
+		die "Value does not seems like a valid, JSON formatted encryption key!\n";
+	    }
 	    pbs_set_encryption_key($scfg, $storeid, $encryption_key);
 	    $res->{'encryption-key'} = $encryption_key;
 	}
@@ -420,9 +425,14 @@ sub on_update_hook {
 
     if (exists($param{'encryption-key'})) {
 	if (defined(my $encryption_key = delete($param{'encryption-key'}))) {
+	    my $decoded_key;
 	    if ($encryption_key eq 'autogen') {
 		$res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
 	    } else {
+		$decoded_key = eval { decode_json($encryption_key) };
+		if ($@ || !exists($decoded_key->{data})) {
+		    die "Value does not seems like a valid, JSON formatted encryption key!\n";
+		}
 		pbs_set_encryption_key($scfg, $storeid, $encryption_key);
 		$res->{'encryption-key'} = $encryption_key;
 	    }
-- 
2.39.2