[PATCH opkg] libopkg: move file size check after checksum verification

Baptiste Jonglez baptiste at bitsofnetworks.org
Mon Aug 24 08:01:20 EDT 2020


On 24-08-20, Henrique de Moraes Holschuh wrote:
> On 24/08/2020 07:53, Baptiste Jonglez wrote:
> > The file size check was added in cb6640381808dd ("libopkg: check for file
> > size mismatches").  Its purpose is to provide an additional line of
> > defense against hash collisions.
> > 
> > It is more user-friendly to tell the user that the checksum is wrong, so
> > move the file size check at the end.
> 
> It is also far more expensive in the failure case, not to mention the fact
> that you're going to process data you KNOW to be wrong when you could have
> easily avoided it.

I agree, this leads to unnecessary processing in the failure case,
i.e. when the size & checksum are wrong.

However, this failure case is rather unexpected, and I doubt that a
slightly higher processing time (if it is even measurable) is an issue
when you are dealing with corrupted packages.

In the general case where the checksum and size are right, this patch does
not change the processing cost.

Baptiste
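
The trade-off discussed in this thread, as an added Python example that is not part of the original messages and is not opkg's code: it runs both check orders over a good and a truncated payload and reports which error surfaces and how many bytes were hashed first. The function names, the chunk size, the use of SHA-256 and the sample payload are assumptions constructed for illustration.

```python
import hashlib
import io

CHUNK = 4096  # assumed read size, not taken from opkg


def sha256_stream(stream, counter):
    """Hash a stream in chunks, recording how many bytes were read."""
    h = hashlib.sha256()
    while True:
        block = stream.read(CHUNK)
        if not block:
            break
        counter["hashed"] += len(block)
        h.update(block)
    return h.hexdigest()


def verify(data, expected_size, expected_sha256, size_first):
    """Return (error_or_None, bytes_hashed) for the chosen check order."""
    counter = {"hashed": 0}
    size_ok = len(data) == expected_size  # stands in for a cheap stat() call
    if size_first and not size_ok:
        # Size-first order: reject before reading any of the data.
        return "size mismatch", counter["hashed"]
    if sha256_stream(io.BytesIO(data), counter) != expected_sha256:
        return "checksum mismatch", counter["hashed"]
    if not size_ok:
        # Checksum-first order: only reached if the hash matched but the
        # size did not, i.e. the hash-collision case.
        return "size mismatch", counter["hashed"]
    return None, counter["hashed"]


# Constructed sample: index metadata for a good package, and a truncated download.
GOOD = b"constructed package payload " * 1000
INDEX_SIZE = len(GOOD)
INDEX_SHA256 = hashlib.sha256(GOOD).hexdigest()
TRUNCATED = GOOD[:-100]

if __name__ == "__main__":
    for label, data in (("good", GOOD), ("truncated", TRUNCATED)):
        for size_first in (True, False):
            order = "size_first" if size_first else "checksum_first"
            print(label, order, verify(data, INDEX_SIZE, INDEX_SHA256, size_first))
```

For the good payload both orders hash the same number of bytes; for the truncated one the size-first order reports a size mismatch without hashing anything, while the checksum-first order hashes the whole file and reports a checksum mismatch.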