[tbb-commits] [tor-browser] 20/67: Bug 19121: reinstate the update.xml hash check

gitolite role git at cupani.torproject.org
Wed May 4 20:44:38 UTC 2022


This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch geckoview-96.0.3-11.0-1
in repository tor-browser.

commit ea54473f5f0e2066306670585d211afaffd78b2f
Author: Kathy Brade <brade at pearlcrescent.com>
AuthorDate: Mon Apr 23 15:22:57 2018 -0400

    Bug 19121: reinstate the update.xml hash check
    
    Revert most changes from Mozilla Bug 1373267 "Remove hashFunction and
    hashValue attributes from nsIUpdatePatch and code related to these
    attributes." Changes to the tests were not reverted; the tests have
    been changed significantly and we do not run automated updater tests
    for Tor Browser at this time.
    
    Also partial revert of commit f1241db6986e4b54473a1ed870f7584c75d51122.
    
    Revert the nsUpdateService.js changes from Mozilla Bug 862173 "don't
    verify mar file hash when using mar signing to verify the mar file
    (lessens main thread I/O)."
    
    Changes to the tests were not reverted; the tests have been changed
    significantly and we do not run automated updater tests for
    Tor Browser at this time.
    
    We kept the addition to the AppConstants API in case other JS code
    references it in the future.
---
 toolkit/modules/AppConstants.jsm            |  7 ++++
 toolkit/mozapps/update/UpdateService.jsm    | 63 ++++++++++++++++++++++++++++-
 toolkit/mozapps/update/UpdateTelemetry.jsm  |  1 +
 toolkit/mozapps/update/nsIUpdateService.idl | 11 +++++
 4 files changed, 81 insertions(+), 1 deletion(-)

diff --git a/toolkit/modules/AppConstants.jsm b/toolkit/modules/AppConstants.jsm
index 6063e0f0887d4..431b23a8025a8 100644
--- a/toolkit/modules/AppConstants.jsm
+++ b/toolkit/modules/AppConstants.jsm
@@ -212,6 +212,13 @@ this.AppConstants = Object.freeze({
   false,
 #endif
 
+  MOZ_VERIFY_MAR_SIGNATURE:
+#ifdef MOZ_VERIFY_MAR_SIGNATURE
+  true,
+#else
+  false,
+#endif
+
   MOZ_MAINTENANCE_SERVICE:
 #ifdef MOZ_MAINTENANCE_SERVICE
   true,
diff --git a/toolkit/mozapps/update/UpdateService.jsm b/toolkit/mozapps/update/UpdateService.jsm
index ea89e5feee339..01d205139b25a 100644
--- a/toolkit/mozapps/update/UpdateService.jsm
+++ b/toolkit/mozapps/update/UpdateService.jsm
@@ -986,6 +986,20 @@ function LOG(string) {
   }
 }
 
+/**
+ * Convert a string containing binary values to hex.
+ */
+function binaryToHex(input) {
+  var result = "";
+  for (var i = 0; i < input.length; ++i) {
+    var hex = input.charCodeAt(i).toString(16);
+    if (hex.length == 1)
+      hex = "0" + hex;
+    result += hex;
+  }
+  return result;
+}
+
 /**
  * Gets the specified directory at the specified hierarchy under the
  * update root directory and creates it if it doesn't exist.
@@ -2019,6 +2033,8 @@ function UpdatePatch(patch) {
         }
         break;
       case "finalURL":
+      case "hashFunction":
+      case "hashValue":
       case "state":
       case "type":
       case "URL":
@@ -2038,6 +2054,8 @@ UpdatePatch.prototype = {
   // over writing nsIUpdatePatch attributes.
   _attrNames: [
     "errorCode",
+    "hashFunction",
+    "hashValue",
     "finalURL",
     "selected",
     "size",
@@ -2051,6 +2069,8 @@ UpdatePatch.prototype = {
    */
   serialize: function UpdatePatch_serialize(updates) {
     var patch = updates.createElementNS(URI_UPDATE_NS, "patch");
+    patch.setAttribute("hashFunction", this.hashFunction);
+    patch.setAttribute("hashValue", this.hashValue);
     patch.setAttribute("size", this.size);
     patch.setAttribute("type", this.type);
     patch.setAttribute("URL", this.URL);
@@ -5158,7 +5178,42 @@ Downloader.prototype = {
     }
 
     LOG("Downloader:_verifyDownload downloaded size == expected size.");
-    return true;
+    let fileStream = Cc["@mozilla.org/network/file-input-stream;1"].
+                     createInstance(Ci.nsIFileInputStream);
+    fileStream.init(destination, FileUtils.MODE_RDONLY, FileUtils.PERMS_FILE, 0);
+
+    let digest;
+    try {
+      let hash = Cc["@mozilla.org/security/hash;1"].
+                 createInstance(Ci.nsICryptoHash);
+      var hashFunction = Ci.nsICryptoHash[this._patch.hashFunction.toUpperCase()];
+      if (hashFunction == undefined) {
+        throw Cr.NS_ERROR_UNEXPECTED;
+      }
+      hash.init(hashFunction);
+      hash.updateFromStream(fileStream, -1);
+      // NOTE: For now, we assume that the format of _patch.hashValue is hex
+      // encoded binary (such as what is typically output by programs like
+      // sha1sum).  In the future, this may change to base64 depending on how
+      // we choose to compute these hashes.
+      digest = binaryToHex(hash.finish(false));
+    } catch (e) {
+      LOG("Downloader:_verifyDownload - failed to compute hash of the " +
+          "downloaded update archive");
+      digest = "";
+    }
+
+    fileStream.close();
+
+    if (digest == this._patch.hashValue.toLowerCase()) {
+      LOG("Downloader:_verifyDownload hashes match.");
+      return true;
+    }
+
+    LOG("Downloader:_verifyDownload hashes do not match. ");
+    AUSTLMY.pingDownloadCode(this.isCompleteUpdate,
+                             AUSTLMY.DWNLD_ERR_VERIFY_NO_HASH_MATCH);
+    return false;
   },
 
   /**
@@ -5740,6 +5795,9 @@ Downloader.prototype = {
           " is higher than patch size: " +
           this._patch.size
       );
+      // It's important that we use a different code than
+      // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference
+      // between a hash error and a wrong download error.
       AUSTLMY.pingDownloadCode(
         this.isCompleteUpdate,
         AUSTLMY.DWNLD_ERR_PATCH_SIZE_LARGER
@@ -5758,6 +5816,9 @@ Downloader.prototype = {
           " is not equal to expected patch size: " +
           this._patch.size
       );
+      // It's important that we use a different code than
+      // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference
+      // between a hash error and a wrong download error.
       AUSTLMY.pingDownloadCode(
         this.isCompleteUpdate,
         AUSTLMY.DWNLD_ERR_PATCH_SIZE_NOT_EQUAL
diff --git a/toolkit/mozapps/update/UpdateTelemetry.jsm b/toolkit/mozapps/update/UpdateTelemetry.jsm
index 51c25ca051fff..e6a2f980fef32 100644
--- a/toolkit/mozapps/update/UpdateTelemetry.jsm
+++ b/toolkit/mozapps/update/UpdateTelemetry.jsm
@@ -195,6 +195,7 @@ var AUSTLMY = {
   DWNLD_ERR_VERIFY_NO_REQUEST: 13,
   DWNLD_ERR_VERIFY_PATCH_SIZE_NOT_EQUAL: 14,
   DWNLD_ERR_WRITE_FAILURE: 15,
+  DWNLD_ERR_VERIFY_NO_HASH_MATCH: 16,
   // Temporary failure code to see if there are failures without an update phase
   DWNLD_UNKNOWN_PHASE_ERR_WRITE_FAILURE: 40,
 
diff --git a/toolkit/mozapps/update/nsIUpdateService.idl b/toolkit/mozapps/update/nsIUpdateService.idl
index 3acead84c112c..c14a78ff3d708 100644
--- a/toolkit/mozapps/update/nsIUpdateService.idl
+++ b/toolkit/mozapps/update/nsIUpdateService.idl
@@ -39,6 +39,17 @@ interface nsIUpdatePatch : nsISupports
    */
   attribute AString finalURL;
 
+  /**
+   * The hash function to use when determining this file's integrity
+   */
+  attribute AString hashFunction;
+
+  /**
+   * The value of the hash function named above that should be computed if
+   * this file is not corrupt.
+   */
+  attribute AString hashValue;
+
   /**
    * The size of this file, in bytes.
    */

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the tbb-commits mailing list