| commit | 101d132c0703f06bfa6ecc1e6928b3d718db3a11 | |
| author | Shawn O. Pearce <spearce@spearce.org> | |
| Tue, 30 Sep 2008 03:54:47 +0000 (29 20:54 -0700) | ||
| committer | Robin Rosenberg <robin.rosenberg@dewire.com> | |
| Fri, 3 Oct 2008 06:22:55 +0000 (3 08:22 +0200) | ||
| tree | 6491913057b6d7bd98a212edc0a193485c97923f | treesnapshot (tar.gz zip) |
| parent | 4b7ff91a59b6b3f0ce783716b44cd518a06a4ae2 | commitdiff |
index-pack: Detect SHA-1 hash collisions to avoid replacing objects
When indexing a pack file coming in from the network there may
be an object contained in the pack that we already have. Its
only safe to retain that object in our newly stored pack if it
exactly matches the content we already have on disk. Storing
a different content for the same object name runs the risk of
allowing a malicious attacker to replace an object in our store.
Data validation is performed the first time we have the object
in memory, which occurs when we first compute its SHA-1. This
is the earliest opportunity we have to validate that there is
no collision, and it reduces the number of times we need to do
a read for an object. However our memory usage when we process
a whole object is now increased as the collision test is done
by loading the entire object into memory. Future improvements
may permit a streaming compare of the objects.
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Robin Rosenberg <robin.rosenberg@dewire.com>
When indexing a pack file coming in from the network there may
be an object contained in the pack that we already have. Its
only safe to retain that object in our newly stored pack if it
exactly matches the content we already have on disk. Storing
a different content for the same object name runs the risk of
allowing a malicious attacker to replace an object in our store.
Data validation is performed the first time we have the object
in memory, which occurs when we first compute its SHA-1. This
is the earliest opportunity we have to validate that there is
no collision, and it reduces the number of times we need to do
a read for an object. However our memory usage when we process
a whole object is now increased as the collision test is done
by loading the entire object into memory. Future improvements
may permit a streaming compare of the objects.
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Robin Rosenberg <robin.rosenberg@dewire.com>
| org.spearce.jgit/src/org/spearce/jgit/transport/IndexPack.java | diffblobblamehistory |