
From: Stefan Sperling <stsp@stsp.name>
Subject: Re: got-read-patch: don't hardcode SHA1_DIGEST_LENGTH
To: Omar Polo <op@omarpolo.com>
Cc: gameoftrees@openbsd.org
Date: Fri, 2 Aug 2024 08:10:21 +0200

On Fri, Aug 02, 2024 at 12:49:35AM +0200, Omar Polo wrote:
> @@ -193,7 +193,11 @@ blobid(const char *line, char **blob, int git)
>  	if ((*blob = strndup(line, len)) == NULL)
>  		return got_error_from_errno("strndup");
>  
> -	if (!git && !got_parse_hash_digest(digest, *blob, GOT_HASH_SHA1)) {
> +	if (git)
> +		return NULL;
> +
> +	if (!got_parse_hash_digest(digest, *blob, GOT_HASH_SHA1) &&
> +	    !got_parse_hash_digest(digest, *blob, GOT_HASH_SHA256)) {

The order of these checks should be flipped because sha2 is longer.
A sha2 hash could end up "truncated" and misparsed as a sha1 hash.

>  		/* silently ignore invalid blob ids */
>  		free(*blob);
>  		*blob = NULL;
> 
>
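
Review bot: In the new two-call condition, GOT_HASH_SHA1 is tried before GOT_HASH_SHA256 against the same `digest` buffer, so correctness depends on the SHA1 parse rejecting a 64-character id; trying GOT_HASH_SHA256 first, as the reply above asks, removes that dependency. The declaration of `digest` is outside this hunk, so it is worth confirming that it is sized for the SHA256 case now that the second call can produce a longer digest. The early `if (git) return NULL;` returns with `*blob` left unvalidated, which matches the old `!git &&` behaviour, but a one-line comment saying that git-style blob ids are deliberately not parsed here would make the intent clear to the next reader.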