From: SangYoun Kwak Date: Fri, 12 Jul 2024 08:54:11 +0000 (+0900) Subject: update-manager: Fix finding checksum for a file X-Git-Tag: accepted/tizen/unified/20240731.160147~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F93%2F314493%2F7;p=platform%2Fcore%2Fsystem%2Fupdate-control.git update-manager: Fix finding checksum for a file The read_checksum_for() function reads checksum file and finds a checksum for the given file name. Checksum file is consisted with multiple lines, which contains checksum data and following file name like below: Previously, the file name is compared with first n bytes, which n is the length of file name searching for. (without following '\0') This may lead to faulty match of file name, below is an example: file name in checksum file: "abcd.efg.hi" file name searching for: "abcd.efg" With this condition, the previous code compares only 8 characters, which is the length of "abcd.efg" so the program considers it as matched. To fix this situation, checksum and file name are gained using strtok_r function with delimiter " \n" so the file name can be compared as a whole. Change-Id: Iaa14ce35f14b69b613881e375666adc3e5de739d Signed-off-by: SangYoun Kwak --- diff --git a/update-manager/common/common-util.c b/update-manager/common/common-util.c index f584398..20a911d 100644 --- a/update-manager/common/common-util.c +++ b/update-manager/common/common-util.c @@ -104,7 +104,8 @@ int util_file_write_line(const char *path, const char *msg) static int read_checksum_for(const char *checksum_path, const char *file_name, char *sha1_hex, size_t sha1_hex_len) { int result = -1; - if (sha1_hex_len != (2 * SHA1_LEN + 1)) { + + if (sha1_hex_len < (2 * SHA1_LEN + 1)) { _CLOGE("Checksum buffer too small"); return result; } @@ -116,23 +117,29 @@ static int read_checksum_for(const char *checksum_path, const char *file_name, c } char *line = NULL; - size_t line_len; + size_t line_len = 0; while (getline(&line, &line_len, checksum_fp) != -1) { - char *file = rindex(line, ' '); - if (!file || ! ++file) + char *saveptr = NULL; + char *checksum = NULL; + char *checksum_fname = NULL; + + checksum = strtok_r(line, " \n", &saveptr); + + if (checksum == NULL) continue; - if (strncmp(file, file_name, strlen(file_name)) == 0) { - char *saveptr; - char *checksum = strtok_r(line, " ", &saveptr); - if (!checksum) - continue; + if (strlen(checksum) != (2 * SHA1_LEN)) + continue; + + checksum_fname = strtok_r(NULL, " \n", &saveptr); - if (strlen(checksum) != 2 * SHA1_LEN) - continue; // the read checksum has an inappropriate size + if (checksum_fname == NULL) + continue; - strncpy(sha1_hex, checksum, sha1_hex_len); + if (strncmp(checksum_fname, file_name, strlen(file_name) + 1) == 0) { + strncpy(sha1_hex, checksum, sha1_hex_len - 1); + sha1_hex[sha1_hex_len - 1] = '\0'; result = 0; break; }