
portsnap: consistently add .gz extension on gunzip invocation
Abandoned · Public

Authored by emaste on Aug 26 2016, 12:24 AM.

Details

Summary

gunzip attempts to open the file name as given, and, if that does not exist, attempts to open the file name with a .gz extension appended. Prior to this change, in all but one case portsnap appended the .gz extension when invoking gunzip, but did not in fetch_snapshot_verify. Thus it was possible that if two files ${F} and ${F}.gz both existed, ${F} would be used by fetch_snapshot_verify and ${F}.gz everywhere else. By appending the extension consistently we ensure that all cases process the same file.

Issue reported in the "non-cryptanalytic attacks against freebsd update components" anonymous gist.

Diff Detail

Lint: Lint Skipped
Unit: Tests Skipped

Event Timeline

emaste retitled this revision from to portsnap: consistently add .gz extension on gunzip invocation.
emaste updated this object.
emaste edited the test plan for this revision.
delphij edited edge metadata.
delphij added inline comments.
usr.sbin/portsnap/portsnap/portsnap.sh:654

We already have a similar change staged, but slightly differently (gunzip -c < snap/${F}.gz). This approach is better because it does not rely on gunzip's capability of detecting files.

This revision now requires changes to proceed. Aug 26 2016, 12:26 AM
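The file-name fallback described in the summary, and the stdin form mentioned in the inline comment, can be compared side by side. This is an added example, not code from the revision or from portsnap: the helper names and file contents are constructed, and it assumes a GNU or BSD gzip whose gunzip tries the name as given before appending .gz.

```shell
#!/bin/sh
# Added example with constructed data; helper names are hypothetical.

# Build a scratch directory holding both F and F.gz with different payloads.
setup_demo() {
    dir=$(mktemp -d) || return 1
    printf 'payload-of-F\n'    | gzip -c > "$dir/F"
    printf 'payload-of-F.gz\n' | gzip -c > "$dir/F.gz"
    echo "$dir"
}

# Invocation without the extension, as in fetch_snapshot_verify before the change.
read_bare()  { gunzip -c "$1/F"; }

# Invocation with the explicit .gz extension, as used elsewhere in portsnap.
read_ext()   { gunzip -c "$1/F.gz"; }

# Invocation from the inline comment: gunzip is given no file name at all,
# so there is nothing for its name detection to act on.
read_stdin() { gunzip -c < "$1/F.gz"; }

# Report whether a "verify" reader and a "use" reader saw the same bytes.
check_consistency() {
    verify_fn=$1; use_fn=$2; dir=$3
    a=$($verify_fn "$dir" | cksum)
    b=$($use_fn "$dir" | cksum)
    if [ "$a" = "$b" ]; then echo consistent; else echo mismatch; fi
}

demo_dir=$(setup_demo)
echo "bare name vs explicit .gz: $(check_consistency read_bare read_ext "$demo_dir")"
echo "explicit .gz vs stdin:     $(check_consistency read_ext read_stdin "$demo_dir")"
rm -rf "$demo_dir"
```

With both files present, the bare-name reader and the explicit-extension reader disagree, which is the verify-one-file, use-another condition the summary describes. The explicit and stdin forms always agree.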