commit fb2a9ab8a28891a770e6d0c260b76dfba2f2f369
from: Omar Polo <op@omarpolo.com>
date: Sun Feb 12 14:10:01 2023 UTC

fix pack checksum handling for sha256

commit - fc4dc3ce204190ef63c9b748c30137f11cec86be
commit + fb2a9ab8a28891a770e6d0c260b76dfba2f2f369
blob - eb4cc4d7fd73f259f3ba94f94963980b5cbfe2ae
blob + c8de52c69b4567e1b40a221dd6e87c77f6e50ff6
--- lib/got_lib_pack.h
+++ lib/got_lib_pack.h
@@ -64,8 +64,8 @@ const struct got_error *got_pack_parse_object_type_and
 /* See Documentation/technical/pack-format.txt in Git. */
 
 struct got_packidx_trailer {
-	u_int8_t	packfile_hash[SHA1_DIGEST_LENGTH];
-	u_int8_t	packidx_hash[SHA1_DIGEST_LENGTH];
+	uint8_t		packfile_hash[GOT_OBJECT_ID_MAXLEN];
+	uint8_t		packidx_hash[GOT_OBJECT_ID_MAXLEN];
 } __attribute__((__packed__));
 
 struct got_packidx_object_id {
@@ -108,7 +108,7 @@ struct got_packidx_v2_hdr {
 	/* Large offsets table is empty for pack files < 2 GB. */
 	uint64_t	*large_offsets;		/* values are big endian */
 
-	struct got_packidx_trailer *trailer;
+	struct got_packidx_trailer trailer;
 };
 
 struct got_pack_offset_index {
blob - 8f78e8b10321ed161ab6578ceb6672c339db36a0
blob + d190434cc5cacc38d158263b23499c9c90aa69d2
--- lib/pack.c
+++ lib/pack.c
@@ -301,32 +301,43 @@ got_packidx_init_hdr(struct got_packidx *p, int verify
 	offset += p->nlargeobj * sizeof(*h->large_offsets);
 
 checksum:
-	if (remain < sizeof(*h->trailer)) {
+	if (remain < 2 * got_hash_digest_length(p->algo)) {
 		err = got_error(GOT_ERR_BAD_PACKIDX);
 		goto done;
 	}
-	if (p->map)
-		h->trailer =
-		    (struct got_packidx_trailer *)((uint8_t*)(p->map + offset));
-	else {
-		h->trailer = malloc(sizeof(*h->trailer));
-		if (h->trailer == NULL) {
-			err = got_error_from_errno("malloc");
+	if (p->map) {
+		const uint8_t *base = p->map + offset;
+
+		memcpy(&h->trailer.packfile_hash, base,
+		    got_hash_digest_length(p->algo));
+		base += got_hash_digest_length(p->algo);
+		memcpy(&h->trailer.packidx_hash, base,
+		    got_hash_digest_length(p->algo));
+	} else {
+		err = NULL;
+		n = read(p->fd, &h->trailer.packfile_hash,
+		    got_hash_digest_length(p->algo));
+		if (n < 0)
+			err = got_error_from_errno("read");
+		else if (n != got_hash_digest_length(p->algo))
+			err = got_error(GOT_ERR_BAD_PACKIDX);
+		if (err)
 			goto done;
-		}
-		n = read(p->fd, h->trailer, sizeof(*h->trailer));
+
+		n = read(p->fd, &h->trailer.packidx_hash,
+		    got_hash_digest_length(p->algo));
 		if (n < 0)
 			err = got_error_from_errno("read");
-		else if (n != sizeof(*h->trailer)) {
+		else if (n != got_hash_digest_length(p->algo))
 			err = got_error(GOT_ERR_BAD_PACKIDX);
+		if (err)
 			goto done;
-		}
 	}
 	if (verify) {
-		got_hash_update(&ctx, h->trailer->packfile_hash,
+		got_hash_update(&ctx, h->trailer.packfile_hash,
 		    got_hash_digest_length(p->algo));
 		got_hash_final(&ctx, hash);
-		if (got_hash_cmp(&ctx, hash, h->trailer->packidx_hash) != 0)
+		if (got_hash_cmp(&ctx, hash, h->trailer.packidx_hash) != 0)
 			err = got_error(GOT_ERR_PACKIDX_CSUM);
 	}
 done:
@@ -434,7 +445,6 @@ got_packidx_close(struct got_packidx *packidx)
 		free(packidx->hdr.crc32);
 		free(packidx->hdr.offsets);
 		free(packidx->hdr.large_offsets);
-		free(packidx->hdr.trailer);
 	}
 	if (close(packidx->fd) == -1 && err == NULL)
 		err = got_error_from_errno("close");