Need to check for SHA-1 collision when generating filenames for attachments.

Bug #1185342 reported by Daniel Hammerschmidt on 2013-05-29
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Odoo Server (MOVED TO GITHUB)
Confirmed
Wishlist
OpenERP's Framework R&D

Bug Description

If we store attachments (ir.attachment) in the filesystem the physical filename is generated from the SHA-1 hash of the files content. This is good if we save attachments with the same (binary) content to save space.

But SHA-1 is not collision free. So, two different files could have the same hash. Nobody detected a SHA-1 collision yet, AFAIK. Probably this would never happen. But if it happens assuredly we overwrite a very important document with an unimportant ad.

I added some code to check for and handle this case. Please take a look.

description: updated
Changed in openobject-server:
assignee: nobody → OpenERP's Framework R&D (openerp-dev-framework)
importance: Undecided → Wishlist
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers