From patchwork Mon Aug 24 10:53:00 2020
X-Patchwork-Submitter: Baptiste Jonglez
X-Patchwork-Id: 1350237
From: Baptiste Jonglez
To: openwrt-devel@lists.openwrt.org
Cc: Baptiste Jonglez
Subject: [PATCH opkg] libopkg: move file size check after checksum verification
Date: Mon, 24 Aug 2020 12:53:00 +0200
Message-Id: <20200824105300.392536-1-baptiste@bitsofnetworks.org>
List-Id: OpenWrt Development List

From: Baptiste Jonglez The file size check was added in cb6640381808dd ("libopkg: check for file size mismatches"). Its purpose is to provide an additional line of defense against hash collisions. It is more user-friendly to tell the user that the checksum is wrong, so move the file size check at the end. Signed-off-by: Baptiste Jonglez --- libopkg/opkg_install.c | 48 +++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/libopkg/opkg_install.c b/libopkg/opkg_install.c index 27c9484..183a1dc 100644 --- a/libopkg/opkg_install.c +++ b/libopkg/opkg_install.c @@ -1367,30 +1367,6 @@ int opkg_install_pkg(pkg_t * pkg, int from_upgrade) } #endif - /* Check file size */ - err = lstat(local_filename, &pkg_stat); - - if (err) { - opkg_msg(ERROR, "Failed to stat %s: %s\n", - local_filename, strerror(errno)); - return -1; - } - - pkg_expected_size = pkg_get_int(pkg, PKG_SIZE); - - if (pkg_expected_size > 0 && pkg_stat.st_size != pkg_expected_size) { - if (!conf->force_checksum) { - opkg_msg(ERROR, - "Package size mismatch: %s is %lld bytes, expecting %lld bytes\n", - pkg->name, (long long int)pkg_stat.st_size, pkg_expected_size); - return -1; - } else { - opkg_msg(NOTICE, - "Ignored %s size mismatch.\n", - pkg->name); - } - } - /* Check for md5 values */ pkg_md5 = pkg_get_md5(pkg); if (pkg_md5) { 
@@ -1434,6 +1410,30 @@ int opkg_install_pkg(pkg_t * pkg, int from_upgrade) free(file_sha256); } + /* Check file size */ + err = lstat(local_filename, &pkg_stat); + + if (err) { + opkg_msg(ERROR, "Failed to stat %s: %s\n", + local_filename, strerror(errno)); + return -1; + } + + pkg_expected_size = pkg_get_int(pkg, PKG_SIZE); + + if (pkg_expected_size > 0 && pkg_stat.st_size != pkg_expected_size) { + if (!conf->force_checksum) { + opkg_msg(ERROR, + "Package size mismatch: %s is %lld bytes, expecting %lld bytes\n", + pkg->name, (long long int)pkg_stat.st_size, pkg_expected_size); + return -1; + } else { + opkg_msg(NOTICE, + "Ignored %s size mismatch.\n", + pkg->name); + } + } + if (conf->download_only) { if (conf->nodeps == 0) { err = satisfy_dependencies_for(pkg);
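
Review bot: On the first hunk (@@ -1367), removing the size check from ahead of the "Check for md5 values" block means a truncated or oversized download is now read and hashed in full before it is rejected, where previously a single lstat() call caught it. The "Failed to stat" early return also no longer runs first, so a missing local_filename will surface as whatever error the checksum code reports. That cost is reasonable for the clearer message, but the commit message should state the trade-off, and it is worth confirming that every checksum failure path between the two positions returns before the relocated size check is reached when force_checksum is not set.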
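
Review bot: On the second hunk (@@ -1434), the relocated block keeps the bare "/* Check file size */" comment, so nothing in the code records why it now sits after the hash checks; please extend the comment to say that the size comparison is a second line of defense against hash collisions and is deliberately placed last so that a checksum error is reported first. While the block is being moved, two details in it deserve a look: the "Package size mismatch" message passes pkg_expected_size to a %lld conversion without the (long long int) cast that pkg_stat.st_size gets, which is only correct if the variable is declared long long; and lstat() reports the size of the link itself when local_filename is a symlink, so if the hashing code opens the path normally, the size and the checksums are not measured on the same object. The NOTICE branch also means force_checksum silences size mismatches as well as checksum mismatches, which the option's documentation should mention.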