collisions through uploading same-named .pack files not handled correctly

Bug #165293 reported by Robert Collins on 2007-11-26
8
Affects Status Importance Assigned to Milestone
Bazaar
High
Unassigned
Breezy
Medium
Unassigned

Bug Description

hash collisions in the packs list are not handled as robustly as needed
for for widespread use. Specifically the indices are not renamed into
place, and the content-is-same check is not performed. This also impacts
the removal-of-old packs logic which could potentially race with
uploads, so this needs to be assessed. (We need to
get names-list-lock
merge the names into memory
check our pack name is not now-present
rename into place
write the names list
release the lock

 affects bzr
 tag packs
 status triaged

--
GPG key available at: <http://www.robertcollins.net/keys.txt>.

Martin Pool (mbp) on 2007-11-26
Changed in bzr:
importance: Undecided → High
status: Triaged → Confirmed
John A Meinel (jameinel) wrote :

Are we assuming that if there is a name conflict then the packs are identical?

Or do we also need to grab at least the indexes and make sure that they have identical data.

On Tue, 2007-11-27 at 23:30 +0000, John A Meinel wrote:
> Are we assuming that if there is a name conflict then the packs are
> identical?

No. The existing pack could be corrupt (io error in the past), or
malicious (collision, or deliberately something that doesn't match the
md5sum as its name).

> Or do we also need to grab at least the indexes and make sure that they
> have identical data.

We should check the pack and the indices. The indices may vary because
we haven't solved the 'indices must be regeneratable' bug yet.

The
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.

Jelmer Vernooij (jelmer) on 2017-11-08
tags: added: check-for-breezy
Jelmer Vernooij (jelmer) on 2017-11-11
Changed in brz:
status: New → Triaged
importance: Undecided → Medium
tags: removed: check-for-breezy
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers