From patchwork Sun Sep 3 12:01:28 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Baptiste Jonglez X-Patchwork-Id: 809259 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="IteiLRAf"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3xlWpJ6t9Tz9s7v for ; Sun, 3 Sep 2017 22:03:20 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:Message-Id: Date:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=iknV0gSZ3OVowtdN+igG9ImGCjpJHUzY2YqCmiu/xkM=; b=IteiLRAf6ts7hn exR12G/TpZ4f3RiyJRJsltemgVWc/Tf7YJ/L9NYb4c8SUHE5UsHAGjWXl/B+gD2ai5RIKSH7noEeJ KzC732tlYe52VS8v7Jsy2GYpYzzR3FXTzswK1A57husLLghJ2TPSmSTtE42TDIBhS68OXFtBlFiZk hnphs8jlFgjFWd77T26KM9XWdgAdp/XSk2XT2yuGBuLZFc93PrmmVxlBazOATtl3+ixsyf9tbAksR TQYSlPTE7osRiD9//ThlNRFJ4msQCwFIqziHUDtj5BZM3Yhkvor1nUg87mCJu+u4yh5nKuYNCthK2 kzEM2/+avUv6sTrFq3vg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1doTcG-0008CI-G8; Sun, 03 Sep 2017 12:03:04 +0000 Received: from degre.six.polyno.me ([2a03:7220:8081:1a00::1] helo=mejis.polyno.me) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1doTcC-00089g-9Z for lede-dev@lists.infradead.org; Sun, 03 Sep 2017 12:03:02 +0000 Received: from [172.23.184.96] (helo=lud.polynome.dn42) by mejis.polyno.me with esmtp (Exim 4.80) (envelope-from ) id 1doTbi-0007MF-Pi; Sun, 03 Sep 2017 14:02:31 +0200 From: Baptiste Jonglez To: lede-dev@lists.infradead.org, Felix Fietkau Date: Sun, 3 Sep 2017 14:01:28 +0200 Message-Id: <20170903120129.2015-1-baptiste@bitsofnetworks.org> X-Mailer: git-send-email 2.14.1 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20170903_050300_507976_0DB9F08B X-CRM114-Status: UNSURE ( 6.61 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -1.9 (-) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-1.9 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] Subject: [LEDE-DEV] [PATCH] scripts/download.pl: fail loudly if provided hash is unsupported X-BeenThere: lede-dev@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Baptiste Jonglez MIME-Version: 1.0 Sender: "Lede-dev" Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Baptiste Jonglez Currently, if the provided hash is unsupported (length different from 32 or 64 bytes), we happily download the requested file without any kind of checksum verification. This is quite dangerous and may provide a false sense of security, because a single typo in the hash (e.g. one character deleted by mistake) may skip checksum verification entirely. Instead, fail immediately if we don't support the provided hash. In particular, if an external package repository decides to change the hash algorithm one day, we will now fail loudly instead of skipping checksum verification without complaints. Note: if some users of scripts/download.pl knowingly provide an empty hash because they don't need checksum verification, this change will break them. This does not seem to be the case currently, but if this feature is ever needed, an option should be added to download.pl instead of relying on the hash being empty. Fixes: eaa4eba10a89 ("scripts/download.pl: add SHA-256 support") Signed-off-by: Baptiste Jonglez --- scripts/download.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/download.pl b/scripts/download.pl index bf9fe8c761..775408934a 100755 --- a/scripts/download.pl +++ b/scripts/download.pl @@ -88,6 +88,7 @@ sub download_cmd($) { } my $hash_cmd = hash_cmd(); +$hash_cmd or die "Cannot find appropriate hash command, ensure the provided hash is either a MD5 or SHA256 checksum.\n"; sub download {