Additional potential corruption when downloading packages #1505

Closed
yishaigalatzer opened this issue Oct 2, 2015 · 2 comments

@yishaigalatzer

See - NuGetArchive/NuGet3@0005387#diff-81ea29218a578d3a3f3492f0b1e45b32R122

The code writing the hash is not atomic, so that hash can be corrupt.

The right code should

                             using (var sha512 = SHA512.Create())
                             {
                                 packageHash = Convert.ToBase64String(sha512.ComputeHash(nupkgStream));
                             }

-                            // Note: PackageRepository relies on the hash file being written out as the final operation as part of a package install
-                            // to assume a package was fully installed.
+                            // Note: PackageRepository relies on the hash file being written out as the
+                            // final operation as part of a package install to assume a package was fully installed.

                             // ==> Change here - Create temp file for hash, (see above code for temp file for nupkg)

                             File.WriteAllText(tempHashPath, packageHash);
                             File.Move(tempHashPath, hashPath);
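
Review bot: `File.Move(tempHashPath, hashPath)` on the last line throws an IOException when `hashPath` already exists, so a repeated install, or a second process that finished first, would fail at the very step meant to mark the package as complete. Handle the existing-file case explicitly, for example by treating an already present hash file as a finished install. `tempHashPath` is also not defined in the lines shown: create it in the same directory as `hashPath` so the move is a rename within one volume rather than a copy, and delete it if `File.WriteAllText` throws so that stale temp files do not accumulate next to the package.
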
@yishaigalatzer
Author

The good news is that this is a dormant bug, because nothing is currently looking at the hash, and if/when it does it will just replace the package.

@yishaigalatzer yishaigalatzer added Type:Bug Priority:2 Issues for the current backlog. labels Oct 2, 2015
@yishaigalatzer yishaigalatzer modified the milestones: 3.3.0-commandline, 3.3.0-Beta Oct 2, 2015
@danliu

danliu commented Oct 12, 2015

PR submitted: NuGet/NuGet.Client#19

danliu pushed a commit to NuGet/NuGet.Client that referenced this issue Oct 13, 2015
@danliu danliu closed this as completed Oct 13, 2015
MeniZalzman pushed a commit to NuGet/NuGet.Client that referenced this issue Oct 14, 2015