maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Detect and disallow base32 hash overflow

Browse source 
Example (before this commit):
$ nix-hash --type sha256 --to-base16 4n0igfxbd3kqvvj2k2xgysrp63l4v2gd110fwkk4apfpm0hvzwh0 \
    | xargs nix-hash --type sha256 --to-base32
0n0igfxbd3kqvvj2k2xgysrp63l4v2gd110fwkk4apfpm0hvzwh0

It's a real-life example:
https://github.com/NixOS/nixpkgs/pull/20208/files#r86695567
This commit is contained in:
Vladimír Čunát 2016-11-06 22:13:35 +01:00
parent eec5409a69
commit 818aad3ec4
No known key found for this signature in database
GPG key ID: E747DF1F9575A3AA
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/libutil/hash.cc
View file

@ -165,7 +165,13 @@ Hash parseHash32(HashType ht, const string & s)
unsigned int i = b / 8; unsigned int i = b / 8;
unsigned int j = b % 8; unsigned int j = b % 8;
hash.hash[i] |= digit << j; hash.hash[i] |= digit << j;
if (i < hash.hashSize - 1) hash.hash[i + 1] |= digit >> (8 - j);
if (i < hash.hashSize - 1) {
hash.hash[i + 1] |= digit >> (8 - j);
} else {
if (digit >> (8 - j))
throw BadHash(format("invalid base-32 hash %1%") % s);
}
} }
return hash; return hash;