Although pack-check.c had routine to verify the checksum for the
pack index file itself, the core did not check it before using
it.
This is stolen from the patch to tighten packname requirements.
Signed-off-by: Junio C Hamano <junkio@cox.net>
static int check_packed_git_idx(const char *path, unsigned long *idx_size_,
void **idx_map_)
{
static int check_packed_git_idx(const char *path, unsigned long *idx_size_,
void **idx_map_)
{
+ SHA_CTX ctx;
+ unsigned char sha1[20];
void *idx_map;
unsigned int *index;
unsigned long idx_size;
int nr, i;
void *idx_map;
unsigned int *index;
unsigned long idx_size;
int nr, i;
- int fd = open(path, O_RDONLY);
+
+ fd = open(path, O_RDONLY);
if (fd < 0)
return -1;
if (fstat(fd, &st)) {
if (fd < 0)
return -1;
if (fstat(fd, &st)) {
if (idx_size != 4*256 + nr * 24 + 20 + 20)
return error("wrong index file size");
if (idx_size != 4*256 + nr * 24 + 20 + 20)
return error("wrong index file size");
+ /*
+ * File checksum.
+ */
+ SHA1_Init(&ctx);
+ SHA1_Update(&ctx, idx_map, idx_size-20);
+ SHA1_Final(sha1, &ctx);
+
+ if (memcmp(sha1, idx_map + idx_size - 20, 20))
+ return error("index checksum mismatch");
+
+ cp test-1-${packname_1}.pack test-3.pack &&
+ dd if=/dev/zero of=test-3.idx count=1 bs=1 conv=notrunc seek=1200 &&
+ if git-verify-pack test-3.pack
+ then false
+ else :;
+ fi &&
+