immutable: prevent clients from reading past the end of share data, which would allow them to learn the cancellation secret

Declare explicitly that we prevent this problem in the server's version dict.
fixes #1528 (there are two patches that are each a sufficient fix to #1528 and this is one of them)
This commit is contained in:
Zooko O'Whielacronx 2011-09-12 15:24:58 -07:00
parent 5476f67dc1
commit 20e2910c61
2 changed files with 3 additions and 4 deletions

View File

@ -83,11 +83,9 @@ class ShareFile:
def read_share_data(self, offset, length): def read_share_data(self, offset, length):
precondition(offset >= 0) precondition(offset >= 0)
# reads beyond the end of the data are truncated. Reads that start # reads beyond the end of the data are truncated. Reads that start
# beyond the end of the data return an empty string. I wonder why # beyond the end of the data return an empty string.
# Python doesn't do the following computation for me?
seekpos = self._data_offset+offset seekpos = self._data_offset+offset
fsize = os.path.getsize(self.home) actuallength = max(0, min(length, self._lease_offset-seekpos))
actuallength = max(0, min(length, fsize-seekpos))
if actuallength == 0: if actuallength == 0:
return "" return ""
f = open(self.home, 'rb') f = open(self.home, 'rb')

View File

@ -222,6 +222,7 @@ class StorageServer(service.MultiService, Referenceable):
{ "maximum-immutable-share-size": remaining_space, { "maximum-immutable-share-size": remaining_space,
"tolerates-immutable-read-overrun": True, "tolerates-immutable-read-overrun": True,
"delete-mutable-shares-with-zero-length-writev": True, "delete-mutable-shares-with-zero-length-writev": True,
"prevents-read-past-end-of-share-data": True,
}, },
"application-version": str(allmydata.__full_version__), "application-version": str(allmydata.__full_version__),
} }