mirror of https://github.com/openbsd/src.git synced 2024-12-22 16:42:56 -08:00

as noticed by sdk@, a package with an exact number of 64K chunks would
produce a spurious error (so 1 chance in 2^26)

It's like read/write: we need to recognize 0 as EOF and not try to checksum
a non-existing block.

while there, also make sure that we got all the signed blocks at EOF
before exit(0)

Note that none of those two bugs affect the actual security of signed
packages: the basic assertion that only signed data gets written
through the pipe is still 100% valid !

but it's a good idea to not emit spurious messages for valid files, and also
to recognize truncated files !

okay tb@ (thanks a lot)
espie 2023-04-29 10:08:18 +00:00
parent 2c93903033
commit 2f4de9035d


@ -1,4 +1,4 @@
/* $OpenBSD: zsig.c,v 1.18 2019/12/22 06:37:25 espie Exp $ */
/* $OpenBSD: zsig.c,v 1.19 2023/04/29 10:08:18 espie Exp $ */
/*
* Copyright (c) 2016 Marc Espie <espie@openbsd.org>
*
@ -160,6 +160,8 @@ copy_blocks(int fdout, int fdin, const char *sha, const char *endsha,
if (more == 0)
break;
}
if (n == 0)
break;
SHA512_256Data(buffer, n, output);
if (endsha - sha < SHA512_256_DIGEST_STRING_LENGTH-1)
errx(4, "signature truncated");
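
Review bot: the new "if (n == 0) break;" placed just before SHA512_256Data needs a one-line comment saying that n == 0 at this point means EOF fell exactly on a block boundary; without it the test looks redundant next to the "more == 0" break a few lines above. This break also leaves the loop before the "signature truncated" test runs for that iteration, so detecting leftover digests now depends entirely on the post-loop "endsha != sha" check from the same commit, and the two changes should be kept together if either is ever reworked.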
@ -172,6 +174,8 @@ copy_blocks(int fdout, int fdin, const char *sha, const char *endsha,
if (n != bufsize)
break;
}
if (endsha != sha)
errx(4, "file truncated");
free(buffer);
}
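
Review bot: the "endsha != sha" test added after the loop requires sha to land exactly on endsha once the last digest is consumed, and the lines visible here do not show how sha is advanced, so please confirm that no separator or trailing byte can remain after the final digest; otherwise a complete file would exit with "file truncated". The in-loop test treats a remainder shorter than SHA512_256_DIGEST_STRING_LENGTH-1 as "signature truncated", so a short comment stating which of the two messages is expected for a partial trailing digest would make the intent clear.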