SHA: Add a runtime sanity check that sha commands output something that appears to be a real sha.
This after fielding a bug where git-annex was built with a sha256 program whose output checked out, but was then run with one that output lines like: SHA256 (file) = <sha here> Which it then parsed as having a SHA256 of "SHA256"! Now the output of the command is required to be of the right length, and contain only the right characters.
This commit is contained in:
Joey Hess
parent
53f1d36b35
commit
cda0ed5d25
2 changed files with 24 additions and 2 deletions
|
|
@ -57,8 +57,9 @@ shaN shasize file filesize = do
|
|||
showAction "checksum"
|
||||
case shaCommand shasize filesize of
|
||||
Left sha -> liftIO $ sha <$> L.readFile file
|
||||
Right command -> liftIO $ parse command . lines <$>
|
||||
readsha command (toCommand [File file])
|
||||
Right command -> liftIO $
|
||||
sanitycheck command . parse command . lines <$>
|
||||
readsha command (toCommand [File file])
|
||||
where
|
||||
parse command [] = bad command
|
||||
parse command (l:_)
|
||||
|
|
@ -69,6 +70,7 @@ shaN shasize file filesize = do
|
|||
where
|
||||
sha = fst $ separate (== ' ') l
|
||||
bad command = error $ command ++ " parse error"
|
||||
|
||||
{- sha commands output the filename, so need to set fileEncoding -}
|
||||
readsha command args =
|
||||
withHandle StdoutHandle createProcessSuccess p $ \h -> do
|
||||
|
|
@ -79,6 +81,24 @@ shaN shasize file filesize = do
|
|||
where
|
||||
p = (proc command args) { std_out = CreatePipe }
|
||||
|
||||
{- Check that we've correctly parsing the output of the command,
|
||||
- by making sure the sha we read is of the expected length. -}
|
||||
sanitycheck command sha
|
||||
| length sha /= expectedlen =
|
||||
error $ "Failed to parse the output of " ++ command
|
||||
| any (`notElem` "0123456789abcdef") sha' =
|
||||
error $ "Unexpected character in output of " ++ command ++ "\"" ++ sha ++ "\""
|
||||
| otherwise = sha'
|
||||
where
|
||||
sha' = map toLower sha
|
||||
expectedlen = case shasize of
|
||||
1 -> 40
|
||||
256 -> 64
|
||||
512 -> 128
|
||||
224 -> 56
|
||||
384 -> 96
|
||||
_ -> 0
|
||||
|
||||
shaCommand :: SHASize -> Integer -> Either (L.ByteString -> String) String
|
||||
shaCommand shasize filesize
|
||||
| shasize == 1 = use SysConfig.sha1 sha1
|
||||
|
|
|
|||
2
debian/changelog
vendored
2
debian/changelog
vendored
|
|
@ -15,6 +15,8 @@ git-annex (4.20130502) UNRELEASED; urgency=low
|
|||
* git-annex-shell: Ensure that received files can be read. Files
|
||||
transferred from some Android devices may have very broken permissions
|
||||
as received.
|
||||
* SHA: Add a runtime sanity check that sha commands output something
|
||||
that appears to be a real sha.
|
||||
|
||||
-- Joey Hess <joeyh@debian.org> Thu, 02 May 2013 20:39:19 -0400
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue