bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] [PATCH 23/27] Bugfix: Detect when a metalink:file doesn't hav


From: Matthew White
Subject: [Bug-wget] [PATCH 23/27] Bugfix: Detect when a metalink:file doesn't have any hash
Date: Thu, 29 Sep 2016 06:03:03 +0200

* src/metalink.c (retrieve_from_metalink): Reject any metalink:file
  without hashes. Prompt the error and switch to the next file
* testenv/Makefile.am: Add new file
* testenv/Test-metalink-xml-nohash.py: New file. Metalink/XML with no
  hashes tests

Prevent SIGSEGV.
---
 src/metalink.c                      |   9 +-
 testenv/Makefile.am                 |   1 +
 testenv/Test-metalink-xml-nohash.py | 180 ++++++++++++++++++++++++++++++++++++
 3 files changed, 189 insertions(+), 1 deletion(-)
 create mode 100755 testenv/Test-metalink-xml-nohash.py

diff --git a/src/metalink.c b/src/metalink.c
index 16e247d..0c77fa8 100644
--- a/src/metalink.c
+++ b/src/metalink.c
@@ -368,7 +368,8 @@ retrieve_from_metalink (const metalink_t* metalink)
         }
 
       /* Resources are sorted by priority.  */
-      for (mres_ptr = mfile->resources; *mres_ptr && !skip_mfile; mres_ptr++)
+      for (mres_ptr = mfile->resources;
+           *mres_ptr && mfile->checksums && !skip_mfile; mres_ptr++)
         {
           metalink_resource_t *mres = *mres_ptr;
           metalink_checksum_t **mchksum_ptr, *mchksum;
@@ -859,6 +860,12 @@ gpg_skip_verification:
             } /* endif RETR_OK.  */
         } /* Iterate over resources.  */
 
+      if (!mfile->checksums)
+        {
+          logprintf (LOG_NOTQUIET, _("No checksums found.\n"));
+          retr_err = METALINK_CHKSUM_ERROR;
+        }
+
       if (retr_err != RETROK)
         {
           logprintf (LOG_VERBOSE, _("Failed to download %s. Skipping 
resource.\n"),
diff --git a/testenv/Makefile.am b/testenv/Makefile.am
index ff9fe05..725b76b 100644
--- a/testenv/Makefile.am
+++ b/testenv/Makefile.am
@@ -51,6 +51,7 @@ if METALINK_IS_ENABLED
     Test-metalink-xml-homeprefix-trust.py           \
     Test-metalink-xml-emptyprefix-trust.py          \
     Test-metalink-xml-size.py                       \
+    Test-metalink-xml-nohash.py                     \
     Test-metalink-xml-nourls.py                     \
     Test-metalink-xml-urlbreak.py
 else
diff --git a/testenv/Test-metalink-xml-nohash.py 
b/testenv/Test-metalink-xml-nohash.py
new file mode 100755
index 0000000..3985918
--- /dev/null
+++ b/testenv/Test-metalink-xml-nohash.py
@@ -0,0 +1,180 @@
+#!/usr/bin/env python3
+from sys import exit
+from test.http_test import HTTPTest
+from misc.wget_file import WgetFile
+import hashlib
+
+"""
+    This is to test if Metalink/XML with no hashes generates a SIGSEGV.
+
+    With --trust-server-names, trust the metalink:file names.
+
+    Without --trust-server-names, don't trust the metalink:file names:
+    use the basename of --input-metalink, and add a sequential number
+    (e.g. .#1, .#2, etc.).
+
+    Strip the directory from unsafe paths.
+"""
+############# File Definitions ###############################################
+bad = "Ouch!"
+
+File1 = "Would you like some Tea?"
+File1_lowPref = "Do not take this"
+
+File2 = "This is gonna be good"
+File2_lowPref = "Not this one too"
+File2_sha256 = hashlib.sha256 (File2.encode ('UTF-8')).hexdigest ()
+
+File3 = "A little more, please"
+File3_lowPref = "That's just too much"
+
+File4 = "Maybe a biscuit?"
+File4_lowPref = "No, thanks"
+File4_sha256 = hashlib.sha256 (File4.encode ('UTF-8')).hexdigest ()
+
+File5 = "More Tea...?"
+File5_lowPref = "I have to go..."
+
+MetaXml = \
+"""<?xml version="1.0" encoding="utf-8"?>
+<metalink version="3.0" xmlns="http://www.metalinker.org/";>
+  <publisher>
+    <name>GNU Wget</name>
+  </publisher>
+  <license>
+    <name>GNU GPL</name>
+    <url>http://www.gnu.org/licenses/gpl.html</url>
+  </license>
+  <identity>Wget Test Files</identity>
+  <version>1.2.3</version>
+  <description>Wget Test Files description</description>
+  <files>
+    <file name="File1">
+      <resources>
+        <url type="http" 
preference="35">http://{{SRV_HOST}}:{{SRV_PORT}}/wrong_file</url>
+        <url type="http" 
preference="40">http://{{SRV_HOST}}:{{SRV_PORT}}/404</url>
+        <url type="http" 
preference="25">http://{{SRV_HOST}}:{{SRV_PORT}}/File1_lowPref</url>
+        <url type="http" 
preference="30">http://{{SRV_HOST}}:{{SRV_PORT}}/File1</url>
+      </resources>
+    </file>
+    <file name="File2">
+      <verification>
+        <hash type="sha256">{{FILE2_HASH}}</hash>
+      </verification>
+      <resources>
+        <url type="http" 
preference="35">http://{{SRV_HOST}}:{{SRV_PORT}}/wrong_file</url>
+        <url type="http" 
preference="40">http://{{SRV_HOST}}:{{SRV_PORT}}/404</url>
+        <url type="http" 
preference="25">http://{{SRV_HOST}}:{{SRV_PORT}}/File2_lowPref</url>
+        <url type="http" 
preference="30">http://{{SRV_HOST}}:{{SRV_PORT}}/File2</url>
+      </resources>
+    </file>
+    <file name="File3">
+      <verification>
+      </verification>
+      <resources>
+        <url type="http" 
preference="35">http://{{SRV_HOST}}:{{SRV_PORT}}/wrong_file</url>
+        <url type="http" 
preference="40">http://{{SRV_HOST}}:{{SRV_PORT}}/404</url>
+        <url type="http" 
preference="25">http://{{SRV_HOST}}:{{SRV_PORT}}/File3_lowPref</url>
+        <url type="http" 
preference="30">http://{{SRV_HOST}}:{{SRV_PORT}}/File3</url>
+      </resources>
+    </file>
+    <file name="File4">
+      <verification>
+        <hash type="sha256">{{FILE4_HASH}}</hash>
+      </verification>
+      <resources>
+        <url type="http" 
preference="35">http://{{SRV_HOST}}:{{SRV_PORT}}/wrong_file</url>
+        <url type="http" 
preference="40">http://{{SRV_HOST}}:{{SRV_PORT}}/404</url>
+        <url type="http" 
preference="25">http://{{SRV_HOST}}:{{SRV_PORT}}/File4_lowPref</url>
+        <url type="http" 
preference="30">http://{{SRV_HOST}}:{{SRV_PORT}}/File4</url>
+      </resources>
+    </file>
+    <file name="File5">
+      <verification>
+        <hash type="sha256"></hash>
+      </verification>
+      <resources>
+        <url type="http" 
preference="35">http://{{SRV_HOST}}:{{SRV_PORT}}/wrong_file</url>
+        <url type="http" 
preference="40">http://{{SRV_HOST}}:{{SRV_PORT}}/404</url>
+        <url type="http" 
preference="25">http://{{SRV_HOST}}:{{SRV_PORT}}/File5_lowPref</url>
+        <url type="http" 
preference="30">http://{{SRV_HOST}}:{{SRV_PORT}}/File5</url>
+      </resources>
+    </file>
+  </files>
+</metalink>
+"""
+
+wrong_file = WgetFile ("wrong_file", bad)
+
+File1_orig = WgetFile ("File1", File1)
+File1_nono = WgetFile ("File1_lowPref", File1_lowPref)
+
+File2_orig = WgetFile ("File2", File2)
+File2_down = WgetFile ("test.metalink.#2", File2)
+File2_nono = WgetFile ("File2_lowPref", File2_lowPref)
+
+File3_orig = WgetFile ("File3", File3)
+File3_nono = WgetFile ("File3_lowPref", File3_lowPref)
+
+File4_orig = WgetFile ("File4", File4)
+File4_down = WgetFile ("test.metalink.#4", File4)
+File4_nono = WgetFile ("File4_lowPref", File4_lowPref)
+
+File5_orig = WgetFile ("File5", File5)
+File5_nono = WgetFile ("File5_lowPref", File5_lowPref)
+
+MetaFile = WgetFile ("test.metalink", MetaXml)
+
+WGET_OPTIONS = "--input-metalink test.metalink"
+WGET_URLS = [[]]
+
+Files = [[
+    wrong_file,
+    File1_orig, File1_nono,
+    File2_orig, File2_nono,
+    File3_orig, File3_nono,
+    File4_orig, File4_nono,
+    File5_orig, File5_nono
+]]
+Existing_Files = [MetaFile]
+
+ExpectedReturnCode = 1
+ExpectedDownloadedFiles = [
+    File2_down,
+    File4_down,
+    MetaFile
+]
+
+################ Pre and Post Test Hooks #####################################
+pre_test = {
+    "ServerFiles"       : Files,
+    "LocalFiles"        : Existing_Files
+}
+test_options = {
+    "WgetCommands"      : WGET_OPTIONS,
+    "Urls"              : WGET_URLS
+}
+post_test = {
+    "ExpectedFiles"     : ExpectedDownloadedFiles,
+    "ExpectedRetcode"   : ExpectedReturnCode
+}
+
+http_test = HTTPTest (
+                pre_hook=pre_test,
+                test_params=test_options,
+                post_hook=post_test,
+)
+
+http_test.server_setup()
+### Get and use dynamic server sockname
+srv_host, srv_port = http_test.servers[0].server_inst.socket.getsockname ()
+
+MetaXml = MetaXml.replace('{{FILE2_HASH}}', File2_sha256)
+MetaXml = MetaXml.replace('{{FILE4_HASH}}', File4_sha256)
+MetaXml = MetaXml.replace('{{SRV_HOST}}', srv_host)
+MetaXml = MetaXml.replace('{{SRV_PORT}}', str (srv_port))
+MetaFile.content = MetaXml
+
+err = http_test.begin ()
+
+exit (err)
-- 
2.7.3




reply via email to

[Prev in Thread] Current Thread [Next in Thread]