Discarding MD5 array at image load time if its own checksum does not match.
This commit is contained in:
parent
40c39af271
commit
74198afa04
@ -3,6 +3,7 @@
|
|||||||
|
|
||||||
by Thomas Schmitt - mailto:scdbackup@gmx.net
|
by Thomas Schmitt - mailto:scdbackup@gmx.net
|
||||||
Libburnia project - mailto:libburn-hackers@pykix.org
|
Libburnia project - mailto:libburn-hackers@pykix.org
|
||||||
|
13 Aug 2009
|
||||||
|
|
||||||
|
|
||||||
MD5 is a 128 bit message digest with a very low probability to be the same for
|
MD5 is a 128 bit message digest with a very low probability to be the same for
|
||||||
@ -80,12 +81,12 @@ There are four parameters:
|
|||||||
gives the block address where the tag supposes itself to be stored.
|
gives the block address where the tag supposes itself to be stored.
|
||||||
If this does not match the block address where the tag is found then this
|
If this does not match the block address where the tag is found then this
|
||||||
either indicates that the tag is payload of the image or that the image has
|
either indicates that the tag is payload of the image or that the image has
|
||||||
been relocated. (The latter makes the image unuable.)
|
been relocated. (The latter makes the image unusable.)
|
||||||
|
|
||||||
range_start=
|
range_start=
|
||||||
The block address where the session is supposed to start. If this does not
|
The block address where the session is supposed to start. If this does not
|
||||||
match the session start on media then the image volume descriptors of the
|
match the session start on media then the image volume descriptors of the
|
||||||
image have been been relocated. (The latter can happen with the overwriteable
|
image have been been relocated. (The latter can happen with overwriteable
|
||||||
media.)
|
media.)
|
||||||
|
|
||||||
range_size=
|
range_size=
|
||||||
|
@ -2952,6 +2952,8 @@ int iso_image_import(IsoImage *image, IsoDataSource *src,
|
|||||||
uint32_t checksum_size;
|
uint32_t checksum_size;
|
||||||
size_t size;
|
size_t size;
|
||||||
uint8_t *rpt;
|
uint8_t *rpt;
|
||||||
|
void *ctx = NULL;
|
||||||
|
char md5[16];
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (image == NULL || src == NULL || opts == NULL) {
|
if (image == NULL || src == NULL || opts == NULL) {
|
||||||
@ -3166,8 +3168,10 @@ int iso_image_import(IsoImage *image, IsoDataSource *src,
|
|||||||
if (ret > 0)
|
if (ret > 0)
|
||||||
if (checksum_size != 16 || strcmp(checksum_type, "MD5") != 0)
|
if (checksum_size != 16 || strcmp(checksum_type, "MD5") != 0)
|
||||||
ret = 0;
|
ret = 0;
|
||||||
if (ret > 0) {
|
if (ret > 0 && image->checksum_idx_count > 1) {
|
||||||
size = image->checksum_idx_count / 128 + 1;
|
size = image->checksum_idx_count / 128;
|
||||||
|
if (size * 128 < image->checksum_idx_count)
|
||||||
|
size++;
|
||||||
image->checksum_array = calloc(size, 2048);
|
image->checksum_array = calloc(size, 2048);
|
||||||
if (image->checksum_array == NULL) {
|
if (image->checksum_array == NULL) {
|
||||||
ret = ISO_OUT_OF_MEM;
|
ret = ISO_OUT_OF_MEM;
|
||||||
@ -3179,8 +3183,30 @@ int iso_image_import(IsoImage *image, IsoDataSource *src,
|
|||||||
rpt = (uint8_t *) (image->checksum_array + i * 2048);
|
rpt = (uint8_t *) (image->checksum_array + i * 2048);
|
||||||
ret = src->read_block(src, image->checksum_end_lba + i, rpt);
|
ret = src->read_block(src, image->checksum_end_lba + i, rpt);
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
|
goto import_cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Compute MD5 and compare with recorded MD5 */
|
||||||
|
ret = iso_md5_start(&ctx);
|
||||||
|
if (ret < 0) {
|
||||||
|
ret = ISO_OUT_OF_MEM;
|
||||||
goto import_revert;
|
goto import_revert;
|
||||||
}
|
}
|
||||||
|
for (i = 0; i < image->checksum_idx_count - 1; i++)
|
||||||
|
iso_md5_compute(ctx, image->checksum_array + i * 16, 16);
|
||||||
|
iso_md5_end(&ctx, md5);
|
||||||
|
for (i = 0; i < 16; i++)
|
||||||
|
if (md5[i] != image->checksum_array[
|
||||||
|
(image->checksum_idx_count - 1) * 16 + i]
|
||||||
|
)
|
||||||
|
break;
|
||||||
|
if (i < 16) {
|
||||||
|
iso_msg_submit(image->id, ISO_MD5_ARRAY_CORRUPTED, 0,
|
||||||
|
"MD5 checksum array appears damaged and not trustworthy for verifications.");
|
||||||
|
free(image->checksum_array);
|
||||||
|
image->checksum_array = NULL;
|
||||||
|
image->checksum_idx_count = 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3217,9 +3243,10 @@ int iso_image_import(IsoImage *image, IsoDataSource *src,
|
|||||||
#ifdef Libisofs_with_checksumS
|
#ifdef Libisofs_with_checksumS
|
||||||
if (old_checksum_array != NULL)
|
if (old_checksum_array != NULL)
|
||||||
free(old_checksum_array);
|
free(old_checksum_array);
|
||||||
|
if (ctx != NULL)
|
||||||
|
iso_md5_end(&ctx, md5);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -5242,11 +5242,20 @@ int iso_md5_end(void **md5_context, char result[16]);
|
|||||||
#define ISO_FILE_IMGPATH_WRONG 0xD020FF70
|
#define ISO_FILE_IMGPATH_WRONG 0xD020FF70
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Offset greater than file size (FAILURE,HIGH, -145)
|
* Checksum array appears damaged and not trustworthy for verifications.
|
||||||
|
* (WARNING,HIGH, -145)
|
||||||
|
* @since 0.6.22
|
||||||
|
*/
|
||||||
|
#define ISO_MD5_ARRAY_CORRUPTED 0xD030FF6F
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Offset greater than file size (FAILURE,HIGH, -150)
|
||||||
* @since 0.6.4
|
* @since 0.6.4
|
||||||
*/
|
*/
|
||||||
#define ISO_FILE_OFFSET_TOO_BIG 0xE830FF6A
|
#define ISO_FILE_OFFSET_TOO_BIG 0xE830FF6A
|
||||||
|
|
||||||
|
|
||||||
/** Charset conversion error (FAILURE,HIGH, -256) */
|
/** Charset conversion error (FAILURE,HIGH, -256) */
|
||||||
#define ISO_CHARSET_CONV_ERROR 0xE830FF00
|
#define ISO_CHARSET_CONV_ERROR 0xE830FF00
|
||||||
|
|
||||||
|
@ -260,6 +260,8 @@ const char *iso_error_to_msg(int errcode)
|
|||||||
return "Cannot set global zisofs parameters while filters exist";
|
return "Cannot set global zisofs parameters while filters exist";
|
||||||
case ISO_ZLIB_EARLY_EOF:
|
case ISO_ZLIB_EARLY_EOF:
|
||||||
return "Premature EOF of zlib input stream";
|
return "Premature EOF of zlib input stream";
|
||||||
|
case ISO_MD5_ARRAY_CORRUPTED:
|
||||||
|
return "Checksum array appears damaged and not trustworthy for verifications";
|
||||||
default:
|
default:
|
||||||
return "Unknown error";
|
return "Unknown error";
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user