From 54e905450e53ed9b21a4737a41a4550958570067 Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Thu, 5 Sep 2019 13:36:41 +0200
Subject: [PATCH] Fix: Verification of checksum from file attr
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1700341
File copy could result in change in file attributes where
null-terminators are stripped out. The new code does not rely on it.
---
librepo/checksum.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/librepo/checksum.c b/librepo/checksum.c
index 006a7fc..5d164eb 100644
--- a/librepo/checksum.c
+++ b/librepo/checksum.c
@@ -221,18 +221,20 @@ lr_checksum_fd_compare(LrChecksumType type,
// Load cached checksum if enabled and used
struct stat st;
if (fstat(fd, &st) == 0) {
- ssize_t attr_ret;
_cleanup_free_ gchar *key = NULL;
char buf[256];
key = g_strdup_printf("user.Zif.MdChecksum[%llu]",
(unsigned long long) st.st_mtime);
- attr_ret = fgetxattr(fd, key, &buf, 256);
- if (attr_ret != -1) {
+ ssize_t attr_size = fgetxattr(fd, key, &buf, sizeof(buf));
+ if (attr_size != -1) {
// Cached checksum found
g_debug("%s: Using checksum cached in xattr: [%s] %s",
__func__, key, buf);
- *matches = strcmp(expected, buf) ? FALSE : TRUE;
+ size_t expected_len = strlen(expected);
+ // xattr may contain null terminator (+1 byte)
+ *matches = (attr_size == expected_len || attr_size == expected_len + 1) &&
+ memcmp(expected, buf, attr_size) == 0;
return TRUE;
}
}
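Review bot: The `g_debug` call kept as context just above the new comparison still formats `buf` with `%s`, but `buf` is an uninitialized 256-byte stack array and, as this commit itself establishes, the xattr value may arrive without a null terminator, so the log call can read past the attribute bytes and possibly past the end of the array. Bounding the print by the returned length avoids that: `g_debug("%s: Using checksum cached in xattr: [%s] %.*s", __func__, key, (int) attr_size, buf);`. Separately, `attr_size` is `ssize_t` while `expected_len` is `size_t`, so the two equality checks are mixed-sign comparisons that are safe only because of the preceding `!= -1` guard; a cast such as `(size_t) attr_size` would make that explicit. The body of `lr_checksum_fd_compare` starts and ends outside the hunk.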
--
2.21.0