From 3679515479136179e0d95325a6559fcc6d0af7f8 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 6 Jun 2015 19:16:45 +0200 Subject: check patch hashes in rred worker instead of in the handler MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit rred is responsible for unpacking and reading the patch files in one go, but we currently only have hashes for the uncompressed patch files, so the handler read the entire patch file before dispatching it to the worker which would read it again – both with an implicit uncompress. Worse, while the workers operate in parallel the handler is the central orchestration unit, so having it busy with work means the workers do (potentially) nothing. This means rred is working with 'untrusted' data, which is bad. Yet, having the unpack in the handler meant that the untrusted uncompress was done as root which isn't better either. Now, we have it at least contained in a binary which we can harden a bit better. In the long run, we want hashes for the compressed patch files through to be safe.
---
 apt-pkg/acquire-method.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'apt-pkg/acquire-method.h')
diff --git a/apt-pkg/acquire-method.h b/apt-pkg/acquire-method.h
index 399454892..6480eb4b5 100644
--- a/apt-pkg/acquire-method.h
+++ b/apt-pkg/acquire-method.h
@@ -76,11 +76,12 @@ class pkgAcqMethod
 std::string FailReason;
 std::string UsedMirror;
 std::string IP;
-
+
 // Handlers for messages
 virtual bool Configuration(std::string Message);
 virtual bool Fetch(FetchItem * /*Item*/) {return true;};
-
+ virtual bool URIAcquire(std::string const &/*Message*/, FetchItem *Itm) { return Fetch(Itm); };
+
 // Outgoing messages
 void Fail(bool Transient = false);
 inline void Fail(const char *Why, bool Transient = false) {Fail(std::string(Why),Transient);};
-- cgit v1.2.3
From c8a4ce6cbed57ae108dc955d4a850f9b129a0693 Mon Sep 17 00:00:00 2001
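Review bot: The new `URIAcquire` virtual has no comment stating its contract, and by the commit message it is the hook through which a method such as rred takes over the hash verification the handler used to do. I would add above it `// Receives the raw acquire message so a method can read extra fields (e.g. expected hashes); an override that verifies hashes must fail the item rather than call Fetch() when they are missing or do not match`. The default body only forwards to `Fetch(Itm)`, so existing methods presumably keep their behaviour, but the call site is outside this hunk. Separately, inserting a virtual between `Fetch` and the non-virtual members may shift later vtable slots, so methods built against the old header would need a rebuild; the class continues outside the hunk, so whether other virtuals follow cannot be seen from here.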
From: David Kalnischkies Date: Tue, 16 Jun 2015 16:22:46 +0200 Subject: add d-pointer, virtual destructors and de-inline de/constructors To have a chance to keep the ABI for a while we need all three to team up. One of them missing and we might loose, so ensuring that they are available is a very tedious but needed task once in a while. Git-Dch: Ignore --- apt-pkg/acquire-method.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'apt-pkg/acquire-method.h') diff --git a/apt-pkg/acquire-method.h b/apt-pkg/acquire-method.h index 6480eb4b5..f6659ef1f 100644 --- a/apt-pkg/acquire-method.h +++ b/apt-pkg/acquire-method.h @@ -1,6 +1,5 @@ // -*- mode: cpp; mode: fold -*- // Description /*{{{*/ -// $Id: acquire-method.h,v 1.15.2.1 2003/12/24 23:09:17 mdz Exp $ /* ###################################################################### Acquire Method - Method helper class + functions @@ -53,6 +52,11 @@ class pkgAcqMethod // for when we know it or a arbitrary limit when we don't know the // filesize (like a InRelease file) unsigned long long MaximumSize; + + FetchItem(); + virtual ~FetchItem(); + private: + void *d; }; struct FetchResult @@ -67,6 +71,9 @@ class pkgAcqMethod void TakeHashes(class Hashes &Hash); FetchResult(); + virtual ~FetchResult(); + private: + void *d; }; // State -- cgit v1.2.3
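Review bot: The `void *d;` added to `FetchItem` in the `@@ -53,6 +52,11 @@` hunk, and again to `FetchResult` in the `@@ -67,6 +71,9 @@` hunk, leaves each struct with a raw pointer member, a user-declared destructor and compiler-generated copy operations, so once `d` owns anything a copied object would share it and both destructors would release it. The constructor and destructor definitions are not part of this header diff, so whether `d` is initialised cannot be confirmed here; declaring it `void * const d;` would force every constructor to initialise it and would suppress the implicit copy assignment, though the copy constructor would still need to be declared explicitly if these structs are ever copied. A short comment above each member, for example `// d-pointer: reserved so members can be added later without changing the struct layout`, would record why an untyped pointer is there. Both struct bodies begin outside their hunks.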