Fossil SCM
Fix a bug in the schema definition that prevented new repositories from being created. On the server side, check the authentication hash using the appropriate hash algorithm.
Commit
f7861887d36f0e2c005ba377cd8b31d01990f9bf
Parent
2dce6a921198736…
2 files changed
+1
-1
+6
-5
+1
-1
| --- src/schema.c | ||
| +++ src/schema.c | ||
| @@ -119,11 +119,11 @@ | ||
| 119 | 119 | @ -- |
| 120 | 120 | @ CREATE TABLE alias( |
| 121 | 121 | @ hval TEXT, -- Hex-encoded hash value |
| 122 | 122 | @ htype ANY, -- Type of hash. |
| 123 | 123 | @ rid INTEGER REFERENCES blob, -- Blob that this hash names |
| 124 | -@ PRIMARY KEY(hval,htype,id) | |
| 124 | +@ PRIMARY KEY(hval,htype,rid) | |
| 125 | 125 | @ ) WITHOUT ROWID; |
| 126 | 126 | @ CREATE INDEX alias_rid ON alias(rid); |
| 127 | 127 | @ |
| 128 | 128 | @ -- Information about users |
| 129 | 129 | @ -- |
| 130 | 130 |
| --- src/schema.c | |
| +++ src/schema.c | |
| @@ -119,11 +119,11 @@ | |
| 119 | @ -- |
| 120 | @ CREATE TABLE alias( |
| 121 | @ hval TEXT, -- Hex-encoded hash value |
| 122 | @ htype ANY, -- Type of hash. |
| 123 | @ rid INTEGER REFERENCES blob, -- Blob that this hash names |
| 124 | @ PRIMARY KEY(hval,htype,id) |
| 125 | @ ) WITHOUT ROWID; |
| 126 | @ CREATE INDEX alias_rid ON alias(rid); |
| 127 | @ |
| 128 | @ -- Information about users |
| 129 | @ -- |
| 130 |
| --- src/schema.c | |
| +++ src/schema.c | |
| @@ -119,11 +119,11 @@ | |
| 119 | @ -- |
| 120 | @ CREATE TABLE alias( |
| 121 | @ hval TEXT, -- Hex-encoded hash value |
| 122 | @ htype ANY, -- Type of hash. |
| 123 | @ rid INTEGER REFERENCES blob, -- Blob that this hash names |
| 124 | @ PRIMARY KEY(hval,htype,rid) |
| 125 | @ ) WITHOUT ROWID; |
| 126 | @ CREATE INDEX alias_rid ON alias(rid); |
| 127 | @ |
| 128 | @ -- Information about users |
| 129 | @ -- |
| 130 |
+6
-5
| --- src/xfer.c | ||
| +++ src/xfer.c | ||
| @@ -721,23 +721,24 @@ | ||
| 721 | 721 | } |
| 722 | 722 | db_finalize(&q); |
| 723 | 723 | } |
| 724 | 724 | |
| 725 | 725 | /* |
| 726 | -** Compute an SHA1 hash on the tail of pMsg. Verify that it matches the | |
| 726 | +** Compute an hash on the tail of pMsg. Verify that it matches the | |
| 727 | 727 | ** the hash given in pHash. Return non-zero for an error and 0 on success. |
| 728 | +** | |
| 729 | +** The type of hash computed (SHA1, SHA3-224, SHA3-256) is determined by | |
| 730 | +** the length of the input hash in pHash. | |
| 728 | 731 | */ |
| 729 | 732 | static int check_tail_hash(Blob *pHash, Blob *pMsg){ |
| 730 | 733 | Blob tail; |
| 731 | 734 | Blob h2; |
| 732 | 735 | int rc; |
| 733 | 736 | blob_tail(pMsg, &tail); |
| 734 | - sha1sum_blob(&tail, &h2); | |
| 735 | - rc = blob_compare(pHash, &h2); | |
| 736 | - blob_reset(&h2); | |
| 737 | + rc = hname_verify_hash(&tail, blob_buffer(pHash), blob_size(pHash)); | |
| 737 | 738 | blob_reset(&tail); |
| 738 | - return rc; | |
| 739 | + return rc==HNAME_ERROR; | |
| 739 | 740 | } |
| 740 | 741 | |
| 741 | 742 | /* |
| 742 | 743 | ** Check the signature on an application/x-fossil payload received by |
| 743 | 744 | ** the HTTP server. The signature is a line of the following form: |
| 744 | 745 |
| --- src/xfer.c | |
| +++ src/xfer.c | |
| @@ -721,23 +721,24 @@ | |
| 721 | } |
| 722 | db_finalize(&q); |
| 723 | } |
| 724 | |
| 725 | /* |
| 726 | ** Compute an SHA1 hash on the tail of pMsg. Verify that it matches the |
| 727 | ** the hash given in pHash. Return non-zero for an error and 0 on success. |
| 728 | */ |
| 729 | static int check_tail_hash(Blob *pHash, Blob *pMsg){ |
| 730 | Blob tail; |
| 731 | Blob h2; |
| 732 | int rc; |
| 733 | blob_tail(pMsg, &tail); |
| 734 | sha1sum_blob(&tail, &h2); |
| 735 | rc = blob_compare(pHash, &h2); |
| 736 | blob_reset(&h2); |
| 737 | blob_reset(&tail); |
| 738 | return rc; |
| 739 | } |
| 740 | |
| 741 | /* |
| 742 | ** Check the signature on an application/x-fossil payload received by |
| 743 | ** the HTTP server. The signature is a line of the following form: |
| 744 |
| --- src/xfer.c | |
| +++ src/xfer.c | |
| @@ -721,23 +721,24 @@ | |
| 721 | } |
| 722 | db_finalize(&q); |
| 723 | } |
| 724 | |
| 725 | /* |
| 726 | ** Compute an hash on the tail of pMsg. Verify that it matches the |
| 727 | ** the hash given in pHash. Return non-zero for an error and 0 on success. |
| 728 | ** |
| 729 | ** The type of hash computed (SHA1, SHA3-224, SHA3-256) is determined by |
| 730 | ** the length of the input hash in pHash. |
| 731 | */ |
| 732 | static int check_tail_hash(Blob *pHash, Blob *pMsg){ |
| 733 | Blob tail; |
| 734 | Blob h2; |
| 735 | int rc; |
| 736 | blob_tail(pMsg, &tail); |
| 737 | rc = hname_verify_hash(&tail, blob_buffer(pHash), blob_size(pHash)); |
| 738 | blob_reset(&tail); |
| 739 | return rc==HNAME_ERROR; |
| 740 | } |
| 741 | |
| 742 | /* |
| 743 | ** Check the signature on an application/x-fossil payload received by |
| 744 | ** the HTTP server. The signature is a line of the following form: |
| 745 |