midx: verify checksum footer

derrickstolee · Kevin Willford · commit 336f98f37798 · 2018-09-14T18:05:19.000-06:00
Signed-off-by: Derrick Stolee &lt;dstolee@microsoft.com&gt;
diff --git a/midx.c b/midx.c
@@ -952,7 +952,9 @@ int midx_verify(const char *pack_dir, const char *midx_id)
 	uint32_t i, cur_fanout_pos = 0;
 	struct midxed_git *m;
 	const char *midx_head_path;
-	struct object_id cur_oid, prev_oid;
+	struct object_id cur_oid, prev_oid, checksum;
+	struct hashfile *f;
+	int devnull, checksum_fail = 0;
 
 	if (midx_id) {
 		size_t sz;
@@ -970,6 +972,17 @@ int midx_verify(const char *pack_dir, const char *midx_id)
 		goto cleanup;
 	}
 
+
+	devnull = open("/dev/null", O_WRONLY);
+	f = hashfd(devnull, NULL);
+	hashwrite(f, m->data, m->data_len - m->hdr->hash_len);
+	finalize_hashfile(f, checksum.hash, CSUM_CLOSE);
+	if (hashcmp(checksum.hash, m->data + m->data_len - m->hdr->hash_len)) {
+		midx_report(_("the midx file has incorrect checksum and is likely corrupt"));
+		verify_midx_error = 0;
+		checksum_fail = 1;
+	}
+
 	if (m->hdr->hash_version != MIDX_OID_VERSION)
 		midx_report("invalid hash version");
 	if (m->hdr->hash_len != MIDX_OID_LEN)
@@ -987,8 +1000,6 @@ int midx_verify(const char *pack_dir, const char *midx_id)
 		goto cleanup;
 
 	for (i = 0; i < m->num_packs; i++) {
-		fprintf(stderr, "preparing %s\n", m->pack_names[i]);
-		fflush(stderr);
 		if (prepare_midx_pack(m, i)) {
 			midx_report("failed to prepare pack %s",
 				    m->pack_names[i]);
@@ -1060,5 +1071,5 @@ int midx_verify(const char *pack_dir, const char *midx_id)
 	if (m)
 		close_midx(m);
 	free(m);
-	return verify_midx_error;
+	return verify_midx_error | checksum_fail;
 }
diff --git a/t/t5319-midx.sh b/t/t5319-midx.sh
@@ -262,6 +262,8 @@ MIDX_BYTE_OBJECT_OFFSET=`expr $MIDX_OFFSET_OBJECT_OFFSETS + \
 MIDX_OFFSET_PACKFILE_NAMES=`expr $MIDX_OFFSET_OBJECT_OFFSETS + \
 				$MIDX_WIDTH_OBJECT_OFFSETS \* $MIDX_NUM_OBJECTS`
 MIDX_BYTE_PACKFILE_NAMES=`expr $MIDX_OFFSET_PACKFILE_NAMES + 10`
+MIDX_LEN=$(stat --printf="%s" midx-*.midx)
+MIDX_BYTE_CHECKSUM=`expr $MIDX_LEN - $HASH_LEN`
 
 test_expect_success 'midx --verify succeeds' '
 	git midx --verify --pack-dir .
@@ -369,6 +371,11 @@ test_expect_success 'verify packfile lookup' '
 		"invalid packfile name lookup"
 '
 
+test_expect_success 'verify checksum hash' '
+	corrupt_midx_and_verify $MIDX_BYTE_CHECKSUM "\00" \
+		"incorrect checksum"
+'
+
 # usage: corrupt_data <file> <pos> [<data>]
 corrupt_data() {
 	file=$1
