Discarding MD5 array at image load time if its own checksum does not match.

libisofs/fs_image.c

@@ -2952,6 +2952,8 @@ int iso_image_import(IsoImage *image, IsoDataSource *src,
     uint32_t checksum_size;
     size_t size;
     uint8_t *rpt;
+    void *ctx = NULL;
+    char md5[16];
 #endif
 
     if (image == NULL || src == NULL || opts == NULL) {
@@ -3166,8 +3168,10 @@ int iso_image_import(IsoImage *image, IsoDataSource *src,
         if (ret > 0)
             if (checksum_size != 16 || strcmp(checksum_type, "MD5") != 0)
                 ret = 0;
-        if (ret > 0) {
-            size = image->checksum_idx_count / 128 + 1;
+        if (ret > 0 && image->checksum_idx_count > 1) {
+            size = image->checksum_idx_count / 128;
+            if (size * 128 < image->checksum_idx_count)
+                size++;
             image->checksum_array = calloc(size, 2048);
             if (image->checksum_array == NULL) {
                 ret = ISO_OUT_OF_MEM;
@@ -3179,7 +3183,29 @@ int iso_image_import(IsoImage *image, IsoDataSource *src,
                 rpt = (uint8_t *) (image->checksum_array + i * 2048);
                 ret = src->read_block(src, image->checksum_end_lba + i, rpt);
                 if (ret <= 0)
-                    goto import_revert;
+                    goto import_cleanup;
+            }
+
+            /* Compute MD5 and compare with recorded MD5 */
+            ret = iso_md5_start(&ctx);
+            if (ret < 0) {
+                ret = ISO_OUT_OF_MEM;
+                goto import_revert;
+            }
+            for (i = 0; i < image->checksum_idx_count - 1; i++)
+                iso_md5_compute(ctx, image->checksum_array + i * 16, 16);
+            iso_md5_end(&ctx, md5);
+            for (i = 0; i < 16; i++)
+                if (md5[i] != image->checksum_array[
+                                      (image->checksum_idx_count - 1) * 16 + i]
+                   )
+            break;
+            if (i < 16) {
+                iso_msg_submit(image->id, ISO_MD5_ARRAY_CORRUPTED, 0,
+  "MD5 checksum array appears damaged and not trustworthy for verifications.");
+                free(image->checksum_array);
+                image->checksum_array = NULL;
+                image->checksum_idx_count = 0;
             }
         }
     }
@@ -3217,9 +3243,10 @@ int iso_image_import(IsoImage *image, IsoDataSource *src,
 #ifdef Libisofs_with_checksumS
     if (old_checksum_array != NULL)
         free(old_checksum_array);
+    if (ctx != NULL)
+        iso_md5_end(&ctx, md5);
 #endif
 
-
     return ret;
 }
 

libisofs/libisofs.h

@@ -5242,11 +5242,20 @@ int iso_md5_end(void **md5_context, char result[16]);
 #define ISO_FILE_IMGPATH_WRONG          0xD020FF70
 
 /**
- * Offset greater than file size (FAILURE,HIGH, -145)
+ * Checksum array appears damaged and not trustworthy for verifications.
+ * (WARNING,HIGH, -145)
+ * @since 0.6.22
+*/
+#define ISO_MD5_ARRAY_CORRUPTED         0xD030FF6F
+
+
+/**
+ * Offset greater than file size (FAILURE,HIGH, -150)
  * @since 0.6.4
  */
 #define ISO_FILE_OFFSET_TOO_BIG         0xE830FF6A
 
+
 /** Charset conversion error (FAILURE,HIGH, -256) */
 #define ISO_CHARSET_CONV_ERROR          0xE830FF00
 

libisofs/messages.c

@@ -260,6 +260,8 @@ const char *iso_error_to_msg(int errcode)
         return "Cannot set global zisofs parameters while filters exist";
     case ISO_ZLIB_EARLY_EOF:
         return "Premature EOF of zlib input stream";
+    case ISO_MD5_ARRAY_CORRUPTED:
+        return "Checksum array appears damaged and not trustworthy for verifications";
     default:
         return "Unknown error";
     }