[Yum-devel] [PATCH] Fail the checksum size checks on undersized, as well as oversized, data
Seth Vidal
skvidal at fedoraproject.org
Fri Sep 25 18:27:01 UTC 2009
On Fri, 25 Sep 2009, James Antill wrote:
> ---
> yum/misc.py | 5 +++--
> 1 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/yum/misc.py b/yum/misc.py
> index 9793180..16ffca0 100644
> --- a/yum/misc.py
> +++ b/yum/misc.py
> @@ -293,7 +293,8 @@ def checksum(sumtype, file, CHUNK=2**16, datasize=None):
>
> data = Checksums([sumtype])
> while data.read(fo, CHUNK):
> - pass
> + if datasize is not None and len(data) > datasize:
> + break
>
> if type(file) is types.StringType:
> fo.close()
> @@ -301,7 +302,7 @@ def checksum(sumtype, file, CHUNK=2**16, datasize=None):
>
> # This screws up the length, but that shouldn't matter. We only care
> # if this checksum == what we expect.
> - if datasize is not None and datasize > len(data):
> + if datasize is not None and datasize != len(data):
> return '!%u!%s' % (datasize, data.hexdigest(sumtype))
>
> return data.hexdigest(sumtype)
yah - that seems reasonable.
-sv
More information about the Yum-devel
mailing list