[PATCH opkg] libopkg: move file size check after checksum verification

Henrique de Moraes Holschuh henrique at nic.br
Mon Aug 24 07:48:09 EDT 2020


On 24/08/2020 07:53, Baptiste Jonglez wrote:
> The file size check was added in cb6640381808dd ("libopkg: check for file
> size mismatches").  Its purpose is to provide an additional line of
> defense against hash collisions.
> 
> It is more user-friendly to tell the user that the checksum is wrong, so
> move the file size check to the end.

It is also far more expensive in the failure case, not to mention the 
fact that you're going to process data you KNOW to be wrong when you 
could have easily avoided it.

This does NOT look like a good idea to me.

-- 
Henrique de Moraes Holschuh
Project Analyst
Centro de Estudos e Pesquisas em Tecnologias de Redes e Operações 
(Ceptro.br)
+55 11 5509-3537 R.:4023
INOC 22548*625
www.nic.br
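
The trade-off debated in this thread, as an added example that is not part of the original messages or of opkg's code: it runs both check orders against a constructed wrong-size download and records the reported error and how many bytes were hashed before rejection. The function names, the `.ipk` sample files and their contents are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def verify_package(path, expected_size, expected_sha256, size_first=True):
    """Return (status, bytes_hashed) for one downloaded file.

    status is 'ok', 'size-mismatch' or 'checksum-mismatch'.
    size_first=True checks the size before hashing; False checks it last.
    """
    if size_first and os.stat(path).st_size != expected_size:
        # Metadata-only check: rejects without reading any file content.
        return "size-mismatch", 0
    digest = hashlib.sha256()
    bytes_hashed = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            bytes_hashed += len(chunk)
    if digest.hexdigest() != expected_sha256:
        return "checksum-mismatch", bytes_hashed
    if bytes_hashed != expected_size:
        # Size check as the final step (the order the patch proposes).
        return "size-mismatch", bytes_hashed
    return "ok", bytes_hashed


def demo():
    """Run both orders on a correct and a wrong-size file (constructed data)."""
    good = b"constructed package payload" * 1000
    bad = good + b"X" * 4096  # constructed download with extra bytes
    want_size, want_hash = len(good), hashlib.sha256(good).hexdigest()
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in (("good", good), ("bad", bad)):
            path = os.path.join(tmp, name + ".ipk")
            with open(path, "wb") as fh:
                fh.write(data)
            for size_first in (True, False):
                results[name, size_first] = verify_package(
                    path, want_size, want_hash, size_first)
    return results


if __name__ == "__main__":
    for (name, size_first), (status, hashed) in demo().items():
        print(f"{name:4} size_first={size_first!s:5} -> {status}, {hashed} bytes hashed")
```
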


