Discarding MD5 array at image load time if its own checksum does not match.

This commit is contained in:
Thomas Schmitt 2009-08-13 21:41:30 +02:00
parent 40c39af271
commit 74198afa04
4 changed files with 46 additions and 7 deletions

View File

@ -3,6 +3,7 @@
by Thomas Schmitt - mailto:scdbackup@gmx.net by Thomas Schmitt - mailto:scdbackup@gmx.net
Libburnia project - mailto:libburn-hackers@pykix.org Libburnia project - mailto:libburn-hackers@pykix.org
13 Aug 2009
MD5 is a 128 bit message digest with a very low probability to be the same for MD5 is a 128 bit message digest with a very low probability to be the same for
@ -80,12 +81,12 @@ There are four parameters:
gives the block address where the tag supposes itself to be stored. gives the block address where the tag supposes itself to be stored.
If this does not match the block address where the tag is found then this If this does not match the block address where the tag is found then this
either indicates that the tag is payload of the image or that the image has either indicates that the tag is payload of the image or that the image has
been relocated. (The latter makes the image unuable.) been relocated. (The latter makes the image unusable.)
range_start= range_start=
The block address where the session is supposed to start. If this does not The block address where the session is supposed to start. If this does not
match the session start on media then the image volume descriptors of the match the session start on media then the image volume descriptors of the
image have been been relocated. (The latter can happen with the overwriteable image have been been relocated. (The latter can happen with overwriteable
media.) media.)
range_size= range_size=

View File

@ -2952,6 +2952,8 @@ int iso_image_import(IsoImage *image, IsoDataSource *src,
uint32_t checksum_size; uint32_t checksum_size;
size_t size; size_t size;
uint8_t *rpt; uint8_t *rpt;
void *ctx = NULL;
char md5[16];
#endif #endif
if (image == NULL || src == NULL || opts == NULL) { if (image == NULL || src == NULL || opts == NULL) {
@ -3166,8 +3168,10 @@ int iso_image_import(IsoImage *image, IsoDataSource *src,
if (ret > 0) if (ret > 0)
if (checksum_size != 16 || strcmp(checksum_type, "MD5") != 0) if (checksum_size != 16 || strcmp(checksum_type, "MD5") != 0)
ret = 0; ret = 0;
if (ret > 0) { if (ret > 0 && image->checksum_idx_count > 1) {
size = image->checksum_idx_count / 128 + 1; size = image->checksum_idx_count / 128;
if (size * 128 < image->checksum_idx_count)
size++;
image->checksum_array = calloc(size, 2048); image->checksum_array = calloc(size, 2048);
if (image->checksum_array == NULL) { if (image->checksum_array == NULL) {
ret = ISO_OUT_OF_MEM; ret = ISO_OUT_OF_MEM;
@ -3179,8 +3183,30 @@ int iso_image_import(IsoImage *image, IsoDataSource *src,
rpt = (uint8_t *) (image->checksum_array + i * 2048); rpt = (uint8_t *) (image->checksum_array + i * 2048);
ret = src->read_block(src, image->checksum_end_lba + i, rpt); ret = src->read_block(src, image->checksum_end_lba + i, rpt);
if (ret <= 0) if (ret <= 0)
goto import_cleanup;
}
/* Compute MD5 and compare with recorded MD5 */
ret = iso_md5_start(&ctx);
if (ret < 0) {
ret = ISO_OUT_OF_MEM;
goto import_revert; goto import_revert;
} }
for (i = 0; i < image->checksum_idx_count - 1; i++)
iso_md5_compute(ctx, image->checksum_array + i * 16, 16);
iso_md5_end(&ctx, md5);
for (i = 0; i < 16; i++)
if (md5[i] != image->checksum_array[
(image->checksum_idx_count - 1) * 16 + i]
)
break;
if (i < 16) {
iso_msg_submit(image->id, ISO_MD5_ARRAY_CORRUPTED, 0,
"MD5 checksum array appears damaged and not trustworthy for verifications.");
free(image->checksum_array);
image->checksum_array = NULL;
image->checksum_idx_count = 0;
}
} }
} }
@ -3217,9 +3243,10 @@ int iso_image_import(IsoImage *image, IsoDataSource *src,
#ifdef Libisofs_with_checksumS #ifdef Libisofs_with_checksumS
if (old_checksum_array != NULL) if (old_checksum_array != NULL)
free(old_checksum_array); free(old_checksum_array);
if (ctx != NULL)
iso_md5_end(&ctx, md5);
#endif #endif
return ret; return ret;
} }

View File

@ -5242,11 +5242,20 @@ int iso_md5_end(void **md5_context, char result[16]);
#define ISO_FILE_IMGPATH_WRONG 0xD020FF70 #define ISO_FILE_IMGPATH_WRONG 0xD020FF70
/** /**
* Offset greater than file size (FAILURE,HIGH, -145) * Checksum array appears damaged and not trustworthy for verifications.
* (WARNING,HIGH, -145)
* @since 0.6.22
*/
#define ISO_MD5_ARRAY_CORRUPTED 0xD030FF6F
/**
* Offset greater than file size (FAILURE,HIGH, -150)
* @since 0.6.4 * @since 0.6.4
*/ */
#define ISO_FILE_OFFSET_TOO_BIG 0xE830FF6A #define ISO_FILE_OFFSET_TOO_BIG 0xE830FF6A
/** Charset conversion error (FAILURE,HIGH, -256) */ /** Charset conversion error (FAILURE,HIGH, -256) */
#define ISO_CHARSET_CONV_ERROR 0xE830FF00 #define ISO_CHARSET_CONV_ERROR 0xE830FF00

View File

@ -260,6 +260,8 @@ const char *iso_error_to_msg(int errcode)
return "Cannot set global zisofs parameters while filters exist"; return "Cannot set global zisofs parameters while filters exist";
case ISO_ZLIB_EARLY_EOF: case ISO_ZLIB_EARLY_EOF:
return "Premature EOF of zlib input stream"; return "Premature EOF of zlib input stream";
case ISO_MD5_ARRAY_CORRUPTED:
return "Checksum array appears damaged and not trustworthy for verifications";
default: default:
return "Unknown error"; return "Unknown error";
} }