[PATCH opkg] libopkg: move file size check after checksum verification

Henrique de Moraes Holschuh henrique at nic.br
Mon Aug 24 08:13:33 EDT 2020


On 24/08/2020 09:01, Baptiste Jonglez wrote:
> On 24-08-20, Henrique de Moraes Holschuh wrote:
>> On 24/08/2020 07:53, Baptiste Jonglez wrote:
>>> It is more user-friendly to tell the user that the checksum is wrong, so
>>> move the file size check at the end.
>>
>> It is also far more expensive in the failure case, not to mention the fact
>> that you're going to process data you KNOW to be wrong when you could have
>> easily avoided it.
> 
> I agree, this leads to unnecessary processing in the failure case,
> i.e. when the size & checksum are wrong.
> 
> However, this failure case is rather unexpected, and I doubt that a
> slightly higher processing time (if it is even measurable) is an issue
> when you are dealing with corrupted packages.

Give it an ultra-large sparse file as input, on purpose (attacker) or 
due to a corrupted filesystem with weird inode data.  Suddenly, you would 
be much happier had you checked the file size first (i.e. without this 
change)...

IMHO, your proposed change should be backed by a strong reason that 
offsets the increased risk.  Again IMHO, the commit log doesn't 
currently provide a strong enough reason.

But that's IMO.  Let's wait for other opinions (or you could provide a 
stronger reason to apply this change, perhaps?)

-- 
Henrique de Moraes Holschuh
www.nic.br
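
The ordering argument in this message, as an added example that is not part of the original e-mail and is not opkg's code: a verifier run both ways against a constructed sparse file, reporting how many bytes each ordering had to read before rejecting it. The names `verify`, `digest_file` and `make_sparse`, the file name, and the FNV-1a digest (a stand-in for the real package checksum) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>

/* Stand-in digest (FNV-1a), not opkg's checksum code; reports bytes it had to read. */
static uint64_t digest_file(const char *path, unsigned long long *bytes_read)
{
    uint64_t h = 1469598103934665603ULL;
    FILE *f = fopen(path, "rb");
    int c;
    for (*bytes_read = 0; f && (c = getc(f)) != EOF; ++*bytes_read)
        h = (h ^ (unsigned char)c) * 1099511628211ULL;
    if (f) fclose(f);
    return h;
}

/* 0 = accepted, -1 = size mismatch, -2 = digest mismatch, -3 = stat failed. */
static int verify(const char *path, long long want_size, uint64_t want_sum,
                  int size_first, unsigned long long *bytes_read)
{
    struct stat st;
    *bytes_read = 0;
    if (stat(path, &st) != 0) return -3;
    /* Size first: a wrong size is rejected from inode metadata, nothing is read. */
    if (size_first && (long long)st.st_size != want_size) return -1;
    /* Otherwise every byte is hashed before the file is known to be wrong. */
    if (digest_file(path, bytes_read) != want_sum) return -2;
    return (long long)st.st_size == want_size ? 0 : -1;
}

/* Constructed input: seek past the end and write one byte to get a sparse file. */
static int make_sparse(const char *path, long size)
{
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    int ok = fseek(f, size - 1, SEEK_SET) == 0 && fputc(0, f) != EOF;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

int main(void)
{
    unsigned long long a = 0, b = 0;
    if (make_sparse("sparse_demo.bin", 16L << 20) != 0) return 1;
    int r1 = verify("sparse_demo.bin", 1024, 0x1234, 1, &a);
    int r2 = verify("sparse_demo.bin", 1024, 0x1234, 0, &b);
    printf("size first: rc=%d read=%llu; checksum first: rc=%d read=%llu\n", r1, a, r2, b);
    return remove("sparse_demo.bin");
}
```

The sparse file takes almost no disk space to create, yet the checksum-first ordering still reads its full apparent length; the read cost scales with whatever size the inode claims.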


