Possible Invalid Checkpoint.

Appox Date June 24.

Possible Invalid Checkpoint.
Appox Date June 24.
d904e888 · Kevin Atkinson · 70949b0f · d904e888 · d904e888 · d904e888
--- a/blockservice/test/blocks_test.go
+++ b/blockservice/test/blocks_test.go
@@ -28,7 +28,7 @@ func TestBlocks(t *testing.T) {
 	defer bs.Close()

 	o := newObject([]byte("beep boop"))
-	h := cid.NewCidV0(u.Hash([]byte("beep boop")))
+	h, _ := cid.NewCidV0(u.Hash([]byte("beep boop")))
 	if !o.Cid().Equals(h) {
 		t.Error("Block key and data multihash key not equal")
 	}

--- a/core/pathresolver_test.go
+++ b/core/pathresolver_test.go
@@ -25,7 +25,7 @@ func TestResolveNoComponents(t *testing.T) {
 	}

 	_, err = core.Resolve(n.Context(), n.Namesys, n.Resolver, path.Path("/../.."))
-	if err != path.ErrBadPath {
+	if _, ok := err.(path.ErrBadPath); !ok {
 		t.Fatal("Should error with invalid path.", err)
 	}
 }
--- a/exchange/bitswap/decision/bench_test.go
+++ b/exchange/bitswap/decision/bench_test.go
@@ -23,7 +23,7 @@ func BenchmarkTaskQueuePush(b *testing.B) {
 	}
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		c := cid.NewCidV0(u.Hash([]byte(fmt.Sprint(i))))
+		c, _ := cid.NewCidV0(u.Hash([]byte(fmt.Sprint(i))))

 		q.Push(&wantlist.Entry{Cid: c, Priority: math.MaxInt32}, peers[i%len(peers)])
 	}

--- a/exchange/bitswap/decision/peer_request_queue_test.go
+++ b/exchange/bitswap/decision/peer_request_queue_test.go
@@ -44,11 +44,11 @@ func TestPushPop(t *testing.T) {
 		letter := alphabet[index]
 		t.Log(partner.String())

-		c := cid.NewCidV0(u.Hash([]byte(letter)))
+		c, _ := cid.NewCidV0(u.Hash([]byte(letter)))
 		prq.Push(&wantlist.Entry{Cid: c, Priority: math.MaxInt32 - index}, partner)
 	}
 	for _, consonant := range consonants {
-		c := cid.NewCidV0(u.Hash([]byte(consonant)))
+		c, _ := cid.NewCidV0(u.Hash([]byte(consonant)))
 		prq.Remove(c, partner)
 	}

@@ -66,8 +66,8 @@ func TestPushPop(t *testing.T) {

 	// Entries popped should already be in correct order
 	for i, expected := range vowels {
-		exp := cid.NewCidV0(u.Hash([]byte(expected))).String()
-		if out[i] != exp {
+		exp, _ := cid.NewCidV0(u.Hash([]byte(expected)))
+		if out[i] != exp.String() {
 			t.Fatal("received", out[i], "expected", expected)
 		}
 	}
@@ -84,7 +84,7 @@ func TestPeerRepeats(t *testing.T) {
 	// Have each push some blocks

 	for i := 0; i < 5; i++ {
-		elcid := cid.NewCidV0(u.Hash([]byte(fmt.Sprint(i))))
+		elcid, _ := cid.NewCidV0(u.Hash([]byte(fmt.Sprint(i))))
 		prq.Push(&wantlist.Entry{Cid: elcid}, a)
 		prq.Push(&wantlist.Entry{Cid: elcid}, b)
 		prq.Push(&wantlist.Entry{Cid: elcid}, c)

--- a/exchange/bitswap/message/message_test.go
+++ b/exchange/bitswap/message/message_test.go
@@ -13,7 +13,8 @@ import (
 )

 func mkFakeCid(s string) *cid.Cid {
-	return cid.NewCidV0(u.Hash([]byte(s)))
+	c, _ := cid.NewCidV0(u.Hash([]byte(s)))
+	return c
 }

 func TestAppendWanted(t *testing.T) {

--- a/path/path.go
+++ b/path/path.go
@@ -10,15 +10,25 @@ import (
 )

 var (
-	// ErrBadPath is returned when a given path is incorrectly formatted
-	ErrBadPath = errors.New("invalid 'ipfs ref' path")
-
 	// ErrNoComponents is used when Paths after a protocol
 	// do not contain at least one component
 	ErrNoComponents = errors.New(
 		"path must contain at least one component")
 )

+// ErrBadPath is returned when a given path is incorrectly formatted
+type ErrBadPath struct {
+	Err error
+}
+
+func (e ErrBadPath) Error() string {
+	errStr := "invalid 'ipfs ref' path"
+	if e.Err != nil {
+		errStr += ": " + e.Err.Error()
+	}
+	return errStr
+}
+
 // A Path represents an ipfs content path:
 //   * /<cid>/path/to/file
 //   * /ipfs/<cid>
@@ -106,14 +116,14 @@ func ParsePath(txt string) (Path, error) {
 	// we expect this to start with a hash, and be an 'ipfs' path
 	if parts[0] != "" {
 		if _, err := ParseCidToPath(parts[0]); err != nil {
-			return "", ErrBadPath
+			return "", ErrBadPath{err}
 		}
 		// The case when the path starts with hash without a protocol prefix
 		return Path("/ipfs/" + txt), nil
 	}

 	if len(parts) < 3 {
-		return "", ErrBadPath
+		return "", ErrBadPath{}
 	}

 	if parts[1] == "ipfs" {
@@ -121,7 +131,7 @@ func ParsePath(txt string) (Path, error) {
 			return "", err
 		}
 	} else if parts[1] != "ipns" {
-		return "", ErrBadPath
+		return "", ErrBadPath{}
 	}

 	return Path(txt), nil

--- a/test/integration/bitswap_wo_routing_test.go
+++ b/test/integration/bitswap_wo_routing_test.go
@@ -70,7 +70,8 @@ func TestBitswapWithoutRouting(t *testing.T) {
 		}

 		log.Debugf("%d %s get block.", i, n.Identity)
-		b, err := n.Blocks.GetBlock(ctx, cid.NewCidV0(block0.Multihash()))
+		c, _ := cid.NewCidV0(block0.Multihash())
+		b, err := n.Blocks.GetBlock(ctx, c)
 		if err != nil {
 			t.Error(err)
 		} else if !bytes.Equal(b.RawData(), block0.RawData()) {
@@ -87,7 +88,8 @@ func TestBitswapWithoutRouting(t *testing.T) {

 	//  get it out.
 	for _, n := range nodes {
-		b, err := n.Blocks.GetBlock(ctx, cid.NewCidV0(block1.Multihash()))
+		c, _ :=  cid.NewCidV0(block1.Multihash())
+		b, err := n.Blocks.GetBlock(ctx,c)
 		if err != nil {
 			t.Error(err)
 		} else if !bytes.Equal(b.RawData(), block1.RawData()) {

--- a/test/sharness/t0275-cid-security-data/AFKSEBCGPUJZE.data
+++ b/test/sharness/t0275-cid-security-data/AFKSEBCGPUJZE.data
+testing
--- a/test/sharness/t0275-cid-security.sh
+++ b/test/sharness/t0275-cid-security.sh
+#!/usr/bin/env bash
+#
+# Copyright (c) 2017 Jakub Sztandera
+# MIT Licensed; see the LICENSE file in this repository.
+#
+
+test_description="Cid Security"
+
+. lib/test-lib.sh
+
+test_init_ipfs
+
+test_expect_success "adding using unsafe function fails with error" '
+  echo foo | test_must_fail ipfs add --hash murmur3 2>add_out
+'
+
+test_expect_success "error reason is pointed out" '
+  grep "insecure hash functions not allowed" add_out
+'
+
+test_expect_success "adding using too short of a hash function gives out an error" '
+  echo foo | test_must_fail ipfs block put --format protobuf --mhlen 19 2>block_out
+'
+
+test_expect_success "error reason is pointed out" '
+  grep "hashes must be at least 20 bytes long" block_out
+'
+
+
+test_cat_get() {
+
+  test_expect_success "ipfs cat fails with unsafe hash function" '
+    test_must_fail ipfs cat zDvnoLcPKWR 2>ipfs_cat
+  '
+
+
+  test_expect_success "error reason is pointed out" '
+    grep "insecure hash functions not allowed" ipfs_cat
+  '
+
+
+  test_expect_success "ipfs get fails with too short function" '
+    test_must_fail ipfs get z2ba5YhCCFNFxLtxMygQwjBjYSD8nUeN 2>ipfs_get
+
+    '
+
+  test_expect_success "error reason is pointed out" '
+     grep "hashes must be at least 20 bytes long" ipfs_get
+  '
+}
+
+
+test_gc() {
+  test_expect_success "injecting insecure block" '
+    mkdir -p "$IPFS_PATH/blocks/JZ" &&
+    cp -f ../t0275-cid-security-data/AFKSEBCGPUJZE.data "$IPFS_PATH/blocks/JZ" &&
+    ipfs refs local
+  '
+
+  test_expect_success "gc works" 'ipfs repo gc > gc_out'
+  test_expect_success "gc removed bad block" '
+    grep zDvnoGUyhEq gc_out
+  '
+}
+
+
+# should work offline
+test_cat_get
+test_gc
+
+# should work online
+test_launch_ipfs_daemon
+test_cat_get
+test_gc
+
+test_expect_success "add block linking to insecure" '
+  mkdir -p "$IPFS_PATH/blocks/5X" &&
+  cp -f "../t0275-cid-security-data/CIQG6PGTD2VV34S33BE4MNCQITBRFYUPYQLDXYARR3DQW37MOT7K5XI.data" "$IPFS_PATH/blocks/5X"
+'
+
+test_expect_success "ipfs cat fails with code 1 and not timeout" '
+  test_expect_code 1 go-timeout 1s ipfs cat QmVpsktzNeJdfWEpyeix93QJdQaBSgRNxebSbYSo9SQPGx
+'
+
+test_kill_ipfs_daemon
+
+test_done