From: Job Snijders Date: Thu, 13 Jun 2024 18:21:36 +0000 (+0000) Subject: Shuffle the order in which Manifest entries are processed X-Git-Tag: 1.6.3~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F139%2Fhead;p=thirdparty%2FFORT-validator.git Shuffle the order in which Manifest entries are processed Previously work items were enqueued in the order the CA intended them to appear on a Manifest. However, there is no obvious benefit to letting third parties decide the order in which objects are processed. Instead, randomize the list of FileAndHashes, its ordering has no meaning anyway. As they say, a fox is not taken twice in the same snare --- diff --git a/src/object/manifest.c b/src/object/manifest.c index de150a72..a50e2889 100644 --- a/src/object/manifest.c +++ b/src/object/manifest.c @@ -1,3 +1,5 @@ +#include + #include "object/manifest.h" #include "algorithm.h" @@ -192,8 +194,8 @@ build_rpp(struct Manifest *mft, struct rpki_uri *notif, struct rpki_uri *mft_uri, struct rpp **pp) { char const *tal; - int i; - struct FileAndHash *fah; + int i, j; + struct FileAndHash *fah, *tmpfah; struct rpki_uri *uri; int error; @@ -201,6 +203,15 @@ build_rpp(struct Manifest *mft, struct rpki_uri *notif, tal = tal_get_file_name(validation_tal(state_retrieve())); + /* Fisher-Yates shuffle with modulo bias */ + srand(time(NULL) ^ getpid()); + for (i = 0; i < mft->fileList.list.count; i++) { + j = rand() % mft->fileList.list.count; + tmpfah = mft->fileList.list.array[j]; + mft->fileList.list.array[j] = mft->fileList.list.array[i]; + mft->fileList.list.array[i] = tmpfah; + } + for (i = 0; i < mft->fileList.list.count; i++) { fah = mft->fileList.list.array[i];