From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 31 Jan 2025 16:20:03 +0000 (+0000)
Subject: xfer: Don't verify digest when we did not get a positive response
X-Git-Tag: 0.9.30~206
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=52f040b4022f0f178cd2100871c2470251c8f50c;p=pakfire.git

xfer: Don't verify digest when we did not get a positive response

When servers were sending a 404 error page, the transfer failed because
of a digest mismatch which is not what we want.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/pakfire/xfer.c b/src/pakfire/xfer.c
index 69c3901b..c6e9bae9 100644
--- a/src/pakfire/xfer.c
+++ b/src/pakfire/xfer.c
@@ -1207,6 +1207,55 @@ ERROR:
 }
 #endif /* CURL_HAS_WEBSOCKETS */
 
+/*
+	This function checks if the digests match (if set up)
+*/
+static int pakfire_xfer_verify(struct pakfire_xfer* self) {
+	char* computed_hexdigest = NULL;
+	char* expected_hexdigest = NULL;
+	int r;
+
+	// Nothing to do if there is no EVP
+	if (!self->evp)
+		return 0;
+
+	// Finish message digest computation
+	r = EVP_DigestFinal_ex(self->evp, self->computed_digest, &self->computed_digest_length);
+	if (r != 1) {
+		ERROR(self->ctx, "Could not finish message digest computation: %s\n",
+			ERR_error_string(ERR_get_error(), NULL));
+		r = -EBADMSG;
+		goto ERROR;
+	}
+
+	// Compare the hexdigests
+	r = CRYPTO_memcmp(self->computed_digest, self->expected_digest, self->computed_digest_length);
+
+	// If they don't match, log the error
+	if (r) {
+		// Format the expected hexdigest
+		computed_hexdigest = __pakfire_hexlify(self->computed_digest, self->computed_digest_length);
+		expected_hexdigest = __pakfire_hexlify(self->expected_digest, self->expected_digest_length);
+
+		ERROR(self->ctx, "Download checksum for %s didn't match:\n", self->effective_url);
+		ERROR(self->ctx, "  Expected: %s\n", expected_hexdigest);
+		ERROR(self->ctx, "  Computed: %s\n", computed_hexdigest);
+
+		// Make this download fail
+		r = pakfire_xfer_fail(self, PAKFIRE_XFER_DIGEST_MISMATCH);
+		if (r < 0)
+			goto ERROR;
+	}
+
+ERROR:
+	if (computed_hexdigest)
+		free(computed_hexdigest);
+	if (expected_hexdigest)
+		free(expected_hexdigest);
+
+	return r;
+}
+
 static int pakfire_xfer_save(struct pakfire_xfer* xfer) {
 	int fd = -EBADF;
 	int r;
@@ -1336,64 +1385,25 @@ pakfire_xfer_error_code_t pakfire_xfer_done(struct pakfire_xfer* xfer, int code)
 	if (upload_speed)
 		DEBUG(xfer->ctx, "  Upload Speed: %ld bps\n", upload_speed);
 
-	// Check if digests match
-	if (xfer->evp) {
-		// Finish message digest computation
-		r = EVP_DigestFinal_ex(xfer->evp, xfer->computed_digest, &xfer->computed_digest_length);
-		if (r != 1) {
-			ERROR(xfer->ctx, "Could not finish message digest computation: %s\n",
-				ERR_error_string(ERR_get_error(), NULL));
-			r = -EBADMSG;
-			goto ERROR;
-		}
-
-		// Message Digest
-		char* hexdigest = __pakfire_hexlify(xfer->computed_digest, xfer->computed_digest_length);
-		if (hexdigest) {
-			DEBUG(xfer->ctx, "  Message Digest: %s\n", hexdigest);
-			free(hexdigest);
-		}
-
-		r = CRYPTO_memcmp(xfer->computed_digest, xfer->expected_digest,
-			xfer->computed_digest_length);
-
-		// If they don't match, log the error
-		if (r) {
-			char* computed_hexdigest = __pakfire_hexlify(xfer->computed_digest,
-				xfer->computed_digest_length);
-			char* expected_hexdigest = __pakfire_hexlify(xfer->expected_digest,
-				xfer->expected_digest_length);
-
-			ERROR(xfer->ctx, "Download checksum for %s didn't match:\n", xfer->effective_url);
-			ERROR(xfer->ctx, "  Expected: %s\n", expected_hexdigest);
-			ERROR(xfer->ctx, "  Computed: %s\n", computed_hexdigest);
-
-			if (computed_hexdigest)
-				free(computed_hexdigest);
-			if (expected_hexdigest)
-				free(expected_hexdigest);
-
-			// Make this download fail
-			r = pakfire_xfer_fail(xfer, PAKFIRE_XFER_DIGEST_MISMATCH);
-			if (r)
-				goto ERROR;
-		}
-	}
-
 	// All okay?
 	if (code == CURLE_OK) {
-		// Handle actions for different transfer types
 		switch (xfer->direction) {
 			case PAKFIRE_XFER_DOWNLOAD:
+				// Verify the received payload
+				r = pakfire_xfer_verify(xfer);
+				if (r < 0)
+					goto ERROR;
+
+				// Save the payload
 				r = pakfire_xfer_save(xfer);
-				if (r)
+				if (r < 0)
 					goto ERROR;
 				break;
 
 #ifdef CURL_HAS_WEBSOCKETS
 			case PAKFIRE_XFER_SOCKET:
 				r = pakfire_xfer_done_socket(xfer, code);
-				if (r)
+				if (r < 0)
 					goto ERROR;
 #endif /* CURL_HAS_WEBSOCKETS */
 
@@ -1408,7 +1418,7 @@ pakfire_xfer_error_code_t pakfire_xfer_done(struct pakfire_xfer* xfer, int code)
 
 		// Report that something went wrong
 		r = pakfire_xfer_fail(xfer, code);
-		if (r)
+		if (r < 0)
 			goto ERROR;
 	}