From 51b66208f308215732fcf4478b5bc782e02662f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Tue, 25 Oct 2016 21:31:39 +0200
Subject: [PATCH] backup: verify if archive chunks are not reordered

Now, when file name is also integrity protected (prefixed to the
passphrase), we can make sure that input files are given in the same
order. And are parts of the same VM.

QubesOS/qubes-issues#971
---
 qubes/backup.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/qubes/backup.py b/qubes/backup.py
index 6e8f91b8..a1ed07fd 100644
--- a/qubes/backup.py
+++ b/qubes/backup.py
@@ -1303,7 +1303,19 @@ class ExtractWorker3(ExtractWorker2):
                 os.remove(filename)
                 continue
             else:
+                (basename, ext) = os.path.splitext(self.tar2_current_file)
+                previous_chunk_number = int(ext[1:])
+                expected_filename = basename + '.%03d' % (
+                    previous_chunk_number+1)
+                if expected_filename != filename:
+                    self.cleanup_tar2(wait=True, terminate=True)
+                    self.log.error(
+                        'Unexpected file in archive: {}, expected {}'.format(
+                            filename, expected_filename))
+                    os.remove(filename)
+                    continue
                 self.log.debug("Releasing next chunck")
+
             self.tar2_current_file = filename
 
             run_error = handle_streams(