Skip to content

G
go-ipfs
提交 c6ee301a 作者: Kevin Atkinson
操作

Revert Most of "Merge pull request #4751 from ipfs/feat/safe-cid" 

This mostly reverts commit 13887ff2,
reversing changes made to a5440265.

It keeps the fixed to "ipfs pin verify" and a fix to t0050-block.sh to use
a longer block size.
上级 be209036
正在显示 包含 6 行增加354 行删除
blockservice/blockservice.go
......@@ -9,8 +9,6 @@ import (
"fmt"
"io"
"github.com/ipfs/go-ipfs/thirdparty/verifcid"
blocks "gx/ipfs/QmTRCUvZLiir12Qr6MV3HKfKMHX8Nf1Vddn6t2g5nsQSb9/go-block-format"
exchange "gx/ipfs/QmVSe7YJbPnEmkSUKD3HxSvp8HJoyCU55hQoCMRq7N1jaK/go-ipfs-exchange-interface"
cid "gx/ipfs/QmapdYm1b22Frv3k17fqrBYTFRxwiaVJkB299Mfn33edeB/go-cid"
......@@ -131,11 +129,6 @@ func NewSession(ctx context.Context, bs BlockService) *Session {
// TODO pass a context into this if the remote.HasBlock is going to remain here.
func (s *blockService) AddBlock(o blocks.Block) error {
c := o.Cid()
// hash security
err := verifcid.ValidateCid(c)
if err != nil {
return err
}
if s.checkFirst {
if has, err := s.blockstore.Has(c); has || err != nil {
return err
......@@ -157,13 +150,6 @@ func (s *blockService) AddBlock(o blocks.Block) error {
}
func (s *blockService) AddBlocks(bs []blocks.Block) error {
// hash security
for _, b := range bs {
err := verifcid.ValidateCid(b.Cid())
if err != nil {
return err
}
}
var toput []blocks.Block
if s.checkFirst {
toput = make([]blocks.Block, 0, len(bs))
......@@ -205,15 +191,10 @@ func (s *blockService) GetBlock(ctx context.Context, c *cid.Cid) (blocks.Block,
f = s.exchange
}
return getBlock(ctx, c, s.blockstore, f) // hash security
return getBlock(ctx, c, s.blockstore, f)
}
func getBlock(ctx context.Context, c *cid.Cid, bs blockstore.Blockstore, f exchange.Fetcher) (blocks.Block, error) {
err := verifcid.ValidateCid(c) // hash security
if err != nil {
return nil, err
}
block, err := bs.Get(c)
if err == nil {
return block, nil
......@@ -246,7 +227,7 @@ func getBlock(ctx context.Context, c *cid.Cid, bs blockstore.Blockstore, f excha
// the returned channel.
// NB: No guarantees are made about order.
func (s *blockService) GetBlocks(ctx context.Context, ks []*cid.Cid) <-chan blocks.Block {
return getBlocks(ctx, ks, s.blockstore, s.exchange) // hash security
return getBlocks(ctx, ks, s.blockstore, s.exchange)
}
func getBlocks(ctx context.Context, ks []*cid.Cid, bs blockstore.Blockstore, f exchange.Fetcher) <-chan blocks.Block {
......@@ -255,18 +236,6 @@ func getBlocks(ctx context.Context, ks []*cid.Cid, bs blockstore.Blockstore, f e
go func() {
defer close(out)
k := 0
for _, c := range ks {
// hash security
if err := verifcid.ValidateCid(c); err == nil {
ks[k] = c
k++
} else {
log.Errorf("unsafe CID (%s) passed to blockService.GetBlocks: %s", c, err)
}
}
ks = ks[:k]
var misses []*cid.Cid
for _, c := range ks {
hit, err := bs.Get(c)
......@@ -325,12 +294,12 @@ type Session struct {
// GetBlock gets a block in the context of a request session
func (s *Session) GetBlock(ctx context.Context, c *cid.Cid) (blocks.Block, error) {
return getBlock(ctx, c, s.bs, s.ses) // hash security
return getBlock(ctx, c, s.bs, s.ses)
}
// GetBlocks gets blocks in the context of a request session
func (s *Session) GetBlocks(ctx context.Context, ks []*cid.Cid) <-chan blocks.Block {
return getBlocks(ctx, ks, s.bs, s.ses) // hash security
return getBlocks(ctx, ks, s.bs, s.ses)
}
var _ BlockGetter = (*Session)(nil)
core/builder.go
......@@ -16,7 +16,6 @@ import (
pin "github.com/ipfs/go-ipfs/pin"
repo "github.com/ipfs/go-ipfs/repo"
cfg "github.com/ipfs/go-ipfs/repo/config"
"github.com/ipfs/go-ipfs/thirdparty/verifbs"
uio "github.com/ipfs/go-ipfs/unixfs/io"
offline "gx/ipfs/QmPf114DXfa6TqGKYhBGR7EtXRho4rCJgwyA1xkuMY5vwF/go-ipfs-exchange-offline"
......@@ -178,9 +177,7 @@ func setupNode(ctx context.Context, n *IpfsNode, cfg *BuildCfg) error {
TempErrFunc: isTooManyFDError,
}
// hash security
bs := bstore.NewBlockstore(rds)
bs = &verifbs.VerifBS{Blockstore: bs}
opts := bstore.DefaultCacheOpts()
conf, err := n.Repo.Config()
......@@ -206,10 +203,8 @@ func setupNode(ctx context.Context, n *IpfsNode, cfg *BuildCfg) error {
n.Blockstore = bstore.NewGCBlockstore(cbs, n.GCLocker)
if conf.Experimental.FilestoreEnabled {
// hash security
n.Filestore = filestore.NewFilestore(cbs, n.Repo.FileManager())
n.Blockstore = bstore.NewGCBlockstore(n.Filestore, n.GCLocker)
n.Blockstore = &verifbs.VerifBSGC{GCBlockstore: n.Blockstore}
}
rcfg, err := n.Repo.Config()
......
core/commands/add.go
......@@ -258,7 +258,7 @@ You can now check what blocks have been created by:
exch = offline.Exchange(addblockstore)
}
bserv := blockservice.New(addblockstore, exch) // hash security 001
bserv := blockservice.New(addblockstore, exch)
dserv := dag.NewDAGService(bserv)
outChan := make(chan interface{}, adderOutChanSize)
......
core/commands/pin.go
......@@ -16,7 +16,6 @@ import (
path "github.com/ipfs/go-ipfs/path"
resolver "github.com/ipfs/go-ipfs/path/resolver"
pin "github.com/ipfs/go-ipfs/pin"
"github.com/ipfs/go-ipfs/thirdparty/verifcid"
uio "github.com/ipfs/go-ipfs/unixfs/io"
u "gx/ipfs/QmPdKqUcHGFdeSpvjVoaTRPPstGif9GBZb5Q56RVw9o69A/go-ipfs-util"
......@@ -609,15 +608,6 @@ func pinVerify(ctx context.Context, n *core.IpfsNode, opts pinVerifyOpts) <-chan
return status
}
if err := verifcid.ValidateCid(root); err != nil {
status := PinStatus{Ok: false}
if opts.explain {
status.BadNodes = []BadNode{BadNode{Cid: key, Err: err.Error()}}
}
visited[key] = status
return status
}
links, err := getLinks(ctx, root)
if err != nil {
status := PinStatus{Ok: false}
......
exchange/reprovide/reprovide.go
......@@ -5,8 +5,6 @@ import (
"fmt"
"time"
"github.com/ipfs/go-ipfs/thirdparty/verifcid"
backoff "gx/ipfs/QmPJUtEJsm5YLUWhF6imvyCH8KZXRJa9Wup7FDMwTy5Ufz/backoff"
routing "gx/ipfs/QmUV9hDAAyjeGbxbXkJ2sYqZ6dTd1DXJ2REhYEkRm178Tg/go-libp2p-routing"
cid "gx/ipfs/QmapdYm1b22Frv3k17fqrBYTFRxwiaVJkB299Mfn33edeB/go-cid"
......@@ -85,11 +83,6 @@ func (rp *Reprovider) Reprovide() error {
return fmt.Errorf("failed to get key chan: %s", err)
}
for c := range keychan {
// hash security
if err := verifcid.ValidateCid(c); err != nil {
log.Errorf("insecure hash in reprovider, %s (%s)", c, err)
continue
}
op := func() error {
err := rp.rsys.Provide(rp.ctx, c, true)
if err != nil {
......
pin/gc/gc.go
......@@ -5,12 +5,10 @@ import (
"context"
"errors"
"fmt"
"strings"
bserv "github.com/ipfs/go-ipfs/blockservice"
dag "github.com/ipfs/go-ipfs/merkledag"
pin "github.com/ipfs/go-ipfs/pin"
"github.com/ipfs/go-ipfs/thirdparty/verifcid"
offline "gx/ipfs/QmPf114DXfa6TqGKYhBGR7EtXRho4rCJgwyA1xkuMY5vwF/go-ipfs-exchange-offline"
ipld "gx/ipfs/QmWi2BYBL5gJ3CiAiQchg6rn1A8iBsrWy51EYxvHVjFvLb/go-ipld-format"
......@@ -131,34 +129,12 @@ func GC(ctx context.Context, bs bstore.GCBlockstore, dstor dstore.Datastore, pn
// adds them to the given cid.Set, using the provided dag.GetLinks function
// to walk the tree.
func Descendants(ctx context.Context, getLinks dag.GetLinks, set *cid.Set, roots []*cid.Cid) error {
verifyGetLinks := func(ctx context.Context, c *cid.Cid) ([]*ipld.Link, error) {
err := verifcid.ValidateCid(c)
if err != nil {
return nil, err
}
return getLinks(ctx, c)
}
verboseCidError := func(err error) error {
if strings.Contains(err.Error(), verifcid.ErrBelowMinimumHashLength.Error()) ||
strings.Contains(err.Error(), verifcid.ErrPossiblyInsecureHashFunction.Error()) {
err = fmt.Errorf("\"%s\"\nPlease run 'ipfs pin verify'"+
" to list insecure hashes. If you want to read them,"+
" please downgrade your go-ipfs to 0.4.13\n", err)
log.Error(err)
}
return err
}
for _, c := range roots {
set.Add(c)
// EnumerateChildren recursively walks the dag and adds the keys to the given set
err := dag.EnumerateChildren(ctx, verifyGetLinks, c, set.Visit)
err := dag.EnumerateChildren(ctx, getLinks, c, set.Visit)
if err != nil {
err = verboseCidError(err)
return err
}
}
......
test/sharness/t0275-cid-security.sh deleted 100755 → 0
#!/usr/bin/env bash
#
# Copyright (c) 2017 Jakub Sztandera
# MIT Licensed; see the LICENSE file in this repository.
#
test_description="Cid Security"
. lib/test-lib.sh
test_init_ipfs
test_expect_success "adding using unsafe function fails with error" '
echo foo | test_must_fail ipfs add --hash murmur3 2>add_out
'
test_expect_success "error reason is pointed out" '
grep "insecure hash functions not allowed" add_out
'
test_expect_success "adding using too short of a hash function gives out an error" '
echo foo | test_must_fail ipfs block put --mhlen 19 2>block_out
'
test_expect_success "error reason is pointed out" '
grep "hashes must be at 20 least bytes long" block_out
'
test_cat_get() {
test_expect_success "ipfs cat fails with unsafe hash function" '
test_must_fail ipfs cat zDvnoLcPKWR 2>ipfs_cat
'
test_expect_success "error reason is pointed out" '
grep "insecure hash functions not allowed" ipfs_cat
'
test_expect_success "ipfs get fails with too short function" '
test_must_fail ipfs get z2ba5YhCCFNFxLtxMygQwjBjYSD8nUeN 2>ipfs_get
'
test_expect_success "error reason is pointed out" '
grep "hashes must be at 20 least bytes long" ipfs_get
'
}
test_gc() {
test_expect_success "injecting insecure block" '
mkdir -p "$IPFS_PATH/blocks/JZ" &&
cp -f ../t0275-cid-security-data/AFKSEBCGPUJZE.data "$IPFS_PATH/blocks/JZ"
'
test_expect_success "gc works" 'ipfs repo gc > gc_out'
test_expect_success "gc removed bad block" '
grep zDvnoGUyhEq gc_out
'
}
# should work offline
test_cat_get
test_gc
# should work online
test_launch_ipfs_daemon
test_cat_get
test_gc
test_expect_success "add block linking to insecure" '
mkdir -p "$IPFS_PATH/blocks/5X" &&
cp -f "../t0275-cid-security-data/CIQG6PGTD2VV34S33BE4MNCQITBRFYUPYQLDXYARR3DQW37MOT7K5XI.data" "$IPFS_PATH/blocks/5X"
'
test_expect_success "ipfs cat fails with code 1 and not timeout" '
test_expect_code 1 go-timeout 1s ipfs cat QmVpsktzNeJdfWEpyeix93QJdQaBSgRNxebSbYSo9SQPGx
'
test_kill_ipfs_daemon
test_done
thirdparty/verifbs/verifbs.go deleted 100644 → 0
package verifbs
import (
"github.com/ipfs/go-ipfs/thirdparty/verifcid"
blocks "gx/ipfs/QmTRCUvZLiir12Qr6MV3HKfKMHX8Nf1Vddn6t2g5nsQSb9/go-block-format"
cid "gx/ipfs/QmapdYm1b22Frv3k17fqrBYTFRxwiaVJkB299Mfn33edeB/go-cid"
bstore "gx/ipfs/QmbaPGg81pvQiC5vTXtC9Jo8rdrWUjRaugH71WYNsgi6Ev/go-ipfs-blockstore"
)
type VerifBSGC struct {
bstore.GCBlockstore
}
func (bs *VerifBSGC) Put(b blocks.Block) error {
if err := verifcid.ValidateCid(b.Cid()); err != nil {
return err
}
return bs.GCBlockstore.Put(b)
}
func (bs *VerifBSGC) PutMany(blks []blocks.Block) error {
for _, b := range blks {
if err := verifcid.ValidateCid(b.Cid()); err != nil {
return err
}
}
return bs.GCBlockstore.PutMany(blks)
}
func (bs *VerifBSGC) Get(c *cid.Cid) (blocks.Block, error) {
if err := verifcid.ValidateCid(c); err != nil {
return nil, err
}
return bs.GCBlockstore.Get(c)
}
type VerifBS struct {
bstore.Blockstore
}
func (bs *VerifBS) Put(b blocks.Block) error {
if err := verifcid.ValidateCid(b.Cid()); err != nil {
return err
}
return bs.Blockstore.Put(b)
}
func (bs *VerifBS) PutMany(blks []blocks.Block) error {
for _, b := range blks {
if err := verifcid.ValidateCid(b.Cid()); err != nil {
return err
}
}
return bs.Blockstore.PutMany(blks)
}
func (bs *VerifBS) Get(c *cid.Cid) (blocks.Block, error) {
if err := verifcid.ValidateCid(c); err != nil {
return nil, err
}
return bs.Blockstore.Get(c)
}
thirdparty/verifcid/validate.go deleted 100644 → 0
package verifcid
import (
"fmt"
mh "gx/ipfs/QmPnFwZ2JXKnXgMw8CdBPxn7FWh6LLdjUjxV1fKHuJnkr8/go-multihash"
cid "gx/ipfs/QmapdYm1b22Frv3k17fqrBYTFRxwiaVJkB299Mfn33edeB/go-cid"
)
var ErrPossiblyInsecureHashFunction = fmt.Errorf("potentially insecure hash functions not allowed")
var ErrBelowMinimumHashLength = fmt.Errorf("hashes must be at %d least bytes long", minimumHashLength)
const minimumHashLength = 20
var goodset = map[uint64]bool{
mh.SHA2_256: true,
mh.SHA2_512: true,
mh.SHA3_224: true,
mh.SHA3_256: true,
mh.SHA3_384: true,
mh.SHA3_512: true,
mh.SHAKE_256: true,
mh.DBL_SHA2_256: true,
mh.KECCAK_224: true,
mh.KECCAK_256: true,
mh.KECCAK_384: true,
mh.KECCAK_512: true,
mh.ID: true,
mh.SHA1: true, // not really secure but still useful
}
func IsGoodHash(code uint64) bool {
good, found := goodset[code]
if good {
return true
}
if !found {
if code >= mh.BLAKE2B_MIN+19 && code <= mh.BLAKE2B_MAX {
return true
}
if code >= mh.BLAKE2S_MIN+19 && code <= mh.BLAKE2S_MAX {
return true
}
}
return false
}
func ValidateCid(c *cid.Cid) error {
pref := c.Prefix()
if !IsGoodHash(pref.MhType) {
return ErrPossiblyInsecureHashFunction
}
if pref.MhType != mh.ID && pref.MhLength < minimumHashLength {
return ErrBelowMinimumHashLength
}
return nil
}
thirdparty/verifcid/validate_test.go deleted 100644 → 0
package verifcid
import (
"testing"
mh "gx/ipfs/QmPnFwZ2JXKnXgMw8CdBPxn7FWh6LLdjUjxV1fKHuJnkr8/go-multihash"
cid "gx/ipfs/QmapdYm1b22Frv3k17fqrBYTFRxwiaVJkB299Mfn33edeB/go-cid"
)
func TestValidateCids(t *testing.T) {
assertTrue := func(v bool) {
t.Helper()
if !v {
t.Fatal("expected success")
}
}
assertFalse := func(v bool) {
t.Helper()
if v {
t.Fatal("expected failure")
}
}
assertTrue(IsGoodHash(mh.SHA2_256))
assertTrue(IsGoodHash(mh.BLAKE2B_MIN + 32))
assertTrue(IsGoodHash(mh.DBL_SHA2_256))
assertTrue(IsGoodHash(mh.KECCAK_256))
assertTrue(IsGoodHash(mh.SHA3))
assertTrue(IsGoodHash(mh.SHA1))
assertFalse(IsGoodHash(mh.BLAKE2B_MIN + 5))
mhcid := func(code uint64, length int) *cid.Cid {
mhash, err := mh.Sum([]byte{}, code, length)
if err != nil {
t.Fatal(err)
}
return cid.NewCidV1(cid.DagCBOR, mhash)
}
cases := []struct {
cid *cid.Cid
err error
}{
{mhcid(mh.SHA2_256, 32), nil},
{mhcid(mh.SHA2_256, 16), ErrBelowMinimumHashLength},
{mhcid(mh.MURMUR3, 4), ErrPossiblyInsecureHashFunction},
}
for i, cas := range cases {
if ValidateCid(cas.cid) != cas.err {
t.Errorf("wrong result in case of %s (index %d). Expected: %s, got %s",
cas.cid, i, cas.err, ValidateCid(cas.cid))
}
}
}
Markdown 格式
0%
您添加了 0 到此讨论。请谨慎行事。
请先完成此评论的编辑!
注册 或者 后发表评论