[tor-browser/tor-browser-45.1.0esr-6.0-1] Bug 19121: reinstate the update.xml hash check

20 May 2016

commit c179270e049f085ec8ae1ad443dd1b1fe1084728
Author: Kathy Brade <brade@pearlcrescent.com>
Date:   Fri May 20 11:08:51 2016 -0400

    Bug 19121: reinstate the update.xml hash check
    
    This is a partial revert of commit f1241db6986e4b54473a1ed870f7584c75d51122.
    
    Revert most changes from Mozilla Bug 862173 "don't verify mar file hash
    when using mar signing to verify the mar file (lessens main thread I/O)."
    
    We kept the addition to the AppConstants API in case other JS code
    references it in the future.
---
 toolkit/mozapps/update/nsUpdateService.js                      |  7 -------
 .../chrome/test_0061_check_verifyFailPartial_noComplete.xul    |  4 ++--
 .../chrome/test_0062_check_verifyFailComplete_noPartial.xul    |  4 ++--
 .../tests/chrome/test_0063_check_verifyFailPartialComplete.xul |  6 +++---
 .../test_0064_check_verifyFailPartial_successComplete.xul      |  4 ++--
 .../chrome/test_0071_notify_verifyFailPartial_noComplete.xul   |  4 ++--
 .../chrome/test_0072_notify_verifyFailComplete_noPartial.xul   |  4 ++--
 .../chrome/test_0073_notify_verifyFailPartialComplete.xul      |  6 +++---
 .../test_0074_notify_verifyFailPartial_successComplete.xul     |  4 ++--
 .../chrome/test_0084_error_patchApplyFailure_verify_failed.xul |  2 +-
 toolkit/mozapps/update/tests/chrome/update.sjs                 | 10 +++++-----
 .../update/tests/unit_aus_update/downloadAndHashCheckMar.js    |  8 +-------
 12 files changed, 25 insertions(+), 38 deletions(-)

diff --git a/toolkit/mozapps/update/nsUpdateService.js b/toolkit/mozapps/update/nsUpdateService.js
index e12636d..4495210 100644
--- a/toolkit/mozapps/update/nsUpdateService.js
+++ b/toolkit/mozapps/update/nsUpdateService.js
@@ -3714,13 +3714,6 @@ Downloader.prototype = {
     }
 
     LOG("Downloader:_verifyDownload downloaded size == expected size.");
-
-    // The hash check is not necessary when mar signatures are used to verify
-    // the downloaded mar file.
-    if (AppConstants.MOZ_VERIFY_MAR_SIGNATURE) {
-      return true;
-    }
-
     let fileStream = Cc["@mozilla.org/network/file-input-stream;1"].
                      createInstance(Ci.nsIFileInputStream);
     fileStream.init(destination, FileUtils.MODE_RDONLY, FileUtils.PERMS_FILE, 0);
diff --git a/toolkit/mozapps/update/tests/chrome/test_0061_check_verifyFailPartial_noComplete.xul b/toolkit/mozapps/update/tests/chrome/test_0061_check_verifyFailPartial_noComplete.xul
index ba2347c..fe877ee 100644
--- a/toolkit/mozapps/update/tests/chrome/test_0061_check_verifyFailPartial_noComplete.xul
+++ b/toolkit/mozapps/update/tests/chrome/test_0061_check_verifyFailPartial_noComplete.xul
@@ -8,7 +8,7 @@
 <?xml-stylesheet href="chrome://global/skin" type="text/css"?>
 <?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>
 
-<window title="Update Wizard pages: update check, basic, download, and errors (partial patch with an invalid size)"
+<window title="Update Wizard pages: update check, basic, download, and errors (partial patch with an invalid hash)"
         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
         onload="runTestDefault();">
 <script type="application/javascript"
@@ -35,7 +35,7 @@ function runTest() {
   debugDump("entering");
 
   let url = URL_HTTP_UPDATE_XML + "?showDetails=1&partialPatchOnly=1" +
-            "&invalidPartialSize=1" + getVersionParams();
+            "&invalidPartialHash=1" + getVersionParams();
   setUpdateURLOverride(url);
 
   gUP.checkForUpdates();
diff --git a/toolkit/mozapps/update/tests/chrome/test_0062_check_verifyFailComplete_noPartial.xul b/toolkit/mozapps/update/tests/chrome/test_0062_check_verifyFailComplete_noPartial.xul
index 731a258..39c63c6 100644
--- a/toolkit/mozapps/update/tests/chrome/test_0062_check_verifyFailComplete_noPartial.xul
+++ b/toolkit/mozapps/update/tests/chrome/test_0062_check_verifyFailComplete_noPartial.xul
@@ -8,7 +8,7 @@
 <?xml-stylesheet href="chrome://global/skin" type="text/css"?>
 <?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>
 
-<window title="Update Wizard pages: update check, basic, download, and errors (complete patch with an invalid size)"
+<window title="Update Wizard pages: update check, basic, download, and errors (complete patch with an invalid hash)"
         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
         onload="runTestDefault();">
 <script type="application/javascript"
@@ -35,7 +35,7 @@ function runTest() {
   debugDump("entering");
 
   let url = URL_HTTP_UPDATE_XML + "?showDetails=1&completePatchOnly=1" +
-            "&invalidCompleteSize=1" + getVersionParams();
+            "&invalidCompleteHash=1" + getVersionParams();
   setUpdateURLOverride(url);
 
   gUP.checkForUpdates();
diff --git a/toolkit/mozapps/update/tests/chrome/test_0063_check_verifyFailPartialComplete.xul b/toolkit/mozapps/update/tests/chrome/test_0063_check_verifyFailPartialComplete.xul
index 65071bc..16ec709 100644
--- a/toolkit/mozapps/update/tests/chrome/test_0063_check_verifyFailPartialComplete.xul
+++ b/toolkit/mozapps/update/tests/chrome/test_0063_check_verifyFailPartialComplete.xul
@@ -8,7 +8,7 @@
 <?xml-stylesheet href="chrome://global/skin" type="text/css"?>
 <?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>
 
-<window title="Update Wizard pages: update check, basic, download, and errors (partial and complete patches with invalid sizes)"
+<window title="Update Wizard pages: update check, basic, download, and errors (partial and complete patches with invalid hashes)"
         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
         onload="runTestDefault();">
 <script type="application/javascript"
@@ -34,8 +34,8 @@ const TESTS = [ {
 function runTest() {
   debugDump("entering");
 
-  let url = URL_HTTP_UPDATE_XML + "?showDetails=1&invalidPartialSize=1" +
-            "&invalidCompleteSize=1" + getVersionParams();
+  let url = URL_HTTP_UPDATE_XML + "?showDetails=1&invalidPartialHash=1" +
+            "&invalidCompleteHash=1" + getVersionParams();
   setUpdateURLOverride(url);
 
   gUP.checkForUpdates();
diff --git a/toolkit/mozapps/update/tests/chrome/test_0064_check_verifyFailPartial_successComplete.xul b/toolkit/mozapps/update/tests/chrome/test_0064_check_verifyFailPartial_successComplete.xul
index 6bb0eb8..73b9351 100644
--- a/toolkit/mozapps/update/tests/chrome/test_0064_check_verifyFailPartial_successComplete.xul
+++ b/toolkit/mozapps/update/tests/chrome/test_0064_check_verifyFailPartial_successComplete.xul
@@ -8,7 +8,7 @@
 <?xml-stylesheet href="chrome://global/skin" type="text/css"?>
 <?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>
 
-<window title="Update Wizard pages: update check, basic, download, and finished (partial patch with an invalid size and successful complete patch)"
+<window title="Update Wizard pages: update check, basic, download, and finished (partial patch with an invalid hash and successful complete patch)"
         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
         onload="runTestDefault();">
 <script type="application/javascript"
@@ -34,7 +34,7 @@ const TESTS = [ {
 function runTest() {
   debugDump("entering");
 
-  let url = URL_HTTP_UPDATE_XML + "?showDetails=1&invalidPartialSize=1" +
+  let url = URL_HTTP_UPDATE_XML + "?showDetails=1&invalidPartialHash=1" +
             getVersionParams();
   setUpdateURLOverride(url);
 
diff --git a/toolkit/mozapps/update/tests/chrome/test_0071_notify_verifyFailPartial_noComplete.xul b/toolkit/mozapps/update/tests/chrome/test_0071_notify_verifyFailPartial_noComplete.xul
index 8c09a67..ce087a9 100644
--- a/toolkit/mozapps/update/tests/chrome/test_0071_notify_verifyFailPartial_noComplete.xul
+++ b/toolkit/mozapps/update/tests/chrome/test_0071_notify_verifyFailPartial_noComplete.xul
@@ -8,7 +8,7 @@
 <?xml-stylesheet href="chrome://global/skin" type="text/css"?>
 <?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>
 
-<window title="Update Wizard pages: errors (partial patch with an invalid size)"
+<window title="Update Wizard pages: errors (partial patch with an invalid hash)"
         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
         onload="runTestDefault();">
 <script type="application/javascript"
@@ -27,7 +27,7 @@ const TESTS = [ {
 function runTest() {
   debugDump("entering");
 
-  let patches = getLocalPatchString("partial", null, null, null, "1234", null,
+  let patches = getLocalPatchString("partial", null, null, "1234", null, null,
                                     STATE_DOWNLOADING);
   let updates = getLocalUpdateString(patches, null, null, null,
                                      Services.appinfo.version,
diff --git a/toolkit/mozapps/update/tests/chrome/test_0072_notify_verifyFailComplete_noPartial.xul b/toolkit/mozapps/update/tests/chrome/test_0072_notify_verifyFailComplete_noPartial.xul
index 67f4556..01f4a2c 100644
--- a/toolkit/mozapps/update/tests/chrome/test_0072_notify_verifyFailComplete_noPartial.xul
+++ b/toolkit/mozapps/update/tests/chrome/test_0072_notify_verifyFailComplete_noPartial.xul
@@ -8,7 +8,7 @@
 <?xml-stylesheet href="chrome://global/skin" type="text/css"?>
 <?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>
 
-<window title="Update Wizard pages: errors (complete patch with an invalid size)"
+<window title="Update Wizard pages: errors (complete patch with an invalid hash)"
         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
         onload="runTestDefault();">
 <script type="application/javascript"
@@ -27,7 +27,7 @@ const TESTS = [ {
 function runTest() {
   debugDump("entering");
 
-  let patches = getLocalPatchString("complete", null, null, null, "1234", null,
+  let patches = getLocalPatchString("complete", null, null, "1234", null, null,
                                     STATE_DOWNLOADING);
   let updates = getLocalUpdateString(patches, null, null, null,
                                      Services.appinfo.version,
diff --git a/toolkit/mozapps/update/tests/chrome/test_0073_notify_verifyFailPartialComplete.xul b/toolkit/mozapps/update/tests/chrome/test_0073_notify_verifyFailPartialComplete.xul
index 8e9814e..ffa8048 100644
--- a/toolkit/mozapps/update/tests/chrome/test_0073_notify_verifyFailPartialComplete.xul
+++ b/toolkit/mozapps/update/tests/chrome/test_0073_notify_verifyFailPartialComplete.xul
@@ -8,7 +8,7 @@
 <?xml-stylesheet href="chrome://global/skin" type="text/css"?>
 <?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>
 
-<window title="Update Wizard pages: errors (partial and complete patches with invalid sizes)"
+<window title="Update Wizard pages: errors (partial and complete patches with invalid hashes)"
         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
         onload="runTestDefault();">
 <script type="application/javascript"
@@ -27,9 +27,9 @@ const TESTS = [ {
 function runTest() {
   debugDump("entering");
 
-  let patches = getLocalPatchString("partial", null, null, null, "1234", null,
+  let patches = getLocalPatchString("partial", null, null, "1234", null, null,
                                     STATE_DOWNLOADING) +
-                getLocalPatchString("complete", null, null, null, "1234",
+                getLocalPatchString("complete", null, null, "1234", null,
                                     "false");
   let updates = getLocalUpdateString(patches, null, null, null,
                                      Services.appinfo.version,
diff --git a/toolkit/mozapps/update/tests/chrome/test_0074_notify_verifyFailPartial_successComplete.xul b/toolkit/mozapps/update/tests/chrome/test_0074_notify_verifyFailPartial_successComplete.xul
index 1f5799e..708c6bf 100644
--- a/toolkit/mozapps/update/tests/chrome/test_0074_notify_verifyFailPartial_successComplete.xul
+++ b/toolkit/mozapps/update/tests/chrome/test_0074_notify_verifyFailPartial_successComplete.xul
@@ -8,7 +8,7 @@
 <?xml-stylesheet href="chrome://global/skin" type="text/css"?>
 <?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>
 
-<window title="Update Wizard pages: finishedBackground (partial patch with an invalid size and successful complete patch)"
+<window title="Update Wizard pages: finishedBackground (partial patch with an invalid hash and successful complete patch)"
         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
         onload="runTestDefault();">
 <script type="application/javascript"
@@ -27,7 +27,7 @@ const TESTS = [ {
 function runTest() {
   debugDump("entering");
 
-  let patches = getLocalPatchString("partial", null, null, null, "1234", null,
+  let patches = getLocalPatchString("partial", null, null, "1234", null, null,
                                     STATE_DOWNLOADING) +
                 getLocalPatchString("complete", null, null, null, null,
                                     "false");
diff --git a/toolkit/mozapps/update/tests/chrome/test_0084_error_patchApplyFailure_verify_failed.xul b/toolkit/mozapps/update/tests/chrome/test_0084_error_patchApplyFailure_verify_failed.xul
index 6b742ad..8861e24 100644
--- a/toolkit/mozapps/update/tests/chrome/test_0084_error_patchApplyFailure_verify_failed.xul
+++ b/toolkit/mozapps/update/tests/chrome/test_0084_error_patchApplyFailure_verify_failed.xul
@@ -42,7 +42,7 @@ function runTest() {
   let patches = getLocalPatchString("partial", null, null, null, null, null,
                                     STATE_PENDING) +
                 getLocalPatchString("complete", slowDownloadURL, "MD5",
-                                    null, "1234",
+                                    "1234cd43a1c77e30191c53a329a3f99d", null,
                                     "false");
   let updates = getLocalUpdateString(patches, null, null, null,
                                      Services.appinfo.version,
diff --git a/toolkit/mozapps/update/tests/chrome/update.sjs b/toolkit/mozapps/update/tests/chrome/update.sjs
index e054384..0f1e6ac 100644
--- a/toolkit/mozapps/update/tests/chrome/update.sjs
+++ b/toolkit/mozapps/update/tests/chrome/update.sjs
@@ -112,18 +112,18 @@ function handleRequest(aRequest, aResponse) {
     return;
   }
 
-  let size;
+  let hash;
   let patches = "";
   if (!params.partialPatchOnly) {
-    size = SIZE_SIMPLE_MAR + (params.invalidCompleteSize ? "1" : "");
+    hash = SHA512_HASH_SIMPLE_MAR + (params.invalidCompleteHash ? "e" : "");
     patches += getRemotePatchString("complete", SERVICE_URL, "SHA512",
-                                    SHA512_HASH_SIMPLE_MAR, size);
+                                    hash, SIZE_SIMPLE_MAR);
   }
 
   if (!params.completePatchOnly) {
-    size = SIZE_SIMPLE_MAR + (params.invalidPartialSize ? "1" : "");
+    hash = SHA512_HASH_SIMPLE_MAR + (params.invalidPartialHash ? "e" : "");
     patches += getRemotePatchString("partial", SERVICE_URL, "SHA512",
-                                    SHA512_HASH_SIMPLE_MAR, size);
+                                    hash, SIZE_SIMPLE_MAR);
   }
 
   let type = params.type ? params.type : "major";
diff --git a/toolkit/mozapps/update/tests/unit_aus_update/downloadAndHashCheckMar.js b/toolkit/mozapps/update/tests/unit_aus_update/downloadAndHashCheckMar.js
index 8727e37..c6b2f81 100644
--- a/toolkit/mozapps/update/tests/unit_aus_update/downloadAndHashCheckMar.js
+++ b/toolkit/mozapps/update/tests/unit_aus_update/downloadAndHashCheckMar.js
@@ -23,13 +23,7 @@ function run_test() {
   // The mock XMLHttpRequest is MUCH faster
   overrideXHR(callHandleEvent);
   standardInit();
-  // Only perform the non hash check tests when mar signing is enabled since the
-  // update service doesn't perform hash checks when mar signing is enabled.
-  if (IS_MAR_CHECKS_ENABLED) {
-    do_execute_soon(run_test_pt11);
-  } else {
-    do_execute_soon(run_test_pt1);
-  }
+  do_execute_soon(run_test_pt1);
 }
 
 // The HttpServer must be stopped before calling do_test_finished

    

gk＠torproject.org

tags

participants (1)