You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@commons.apache.org by gg...@apache.org on 2022/05/05 17:19:08 UTC

[commons-compress] 02/05: ChecksumVerifyingInputStream.read() does not always validate checksum at end-of-stream.

This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git

commit 4f5af021834caab4dab3b08cd89db30fff6830ec
Author: Gary Gregory <ga...@gmail.com>
AuthorDate: Thu May 5 09:26:04 2022 -0400

    ChecksumVerifyingInputStream.read() does not always validate checksum at
    end-of-stream.
---
 src/changes/changes.xml                                                | 3 +++
 .../apache/commons/compress/utils/ChecksumVerifyingInputStream.java    | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index ecba8dad..fd207832 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -103,6 +103,9 @@ The <action> type attribute can be add,update,fix,remove.
       <action type="fix" dev="ggregory" due-to="Arturo Bernal">
         Avoid use C-style array declaration. #282.
       </action>
+      <action type="fix" dev="ggregory" due-to="Gary Gregory">
+        ChecksumVerifyingInputStream.read() does not always validate checksum at end-of-stream.        
+      </action>
       <!-- ADD -->
       <action issue="COMPRESS-602" type="add" dev="ggregory" due-to="Postelnicu George, Gary Gregory">
         Migrate zip package to use NIO #236.
diff --git a/src/main/java/org/apache/commons/compress/utils/ChecksumVerifyingInputStream.java b/src/main/java/org/apache/commons/compress/utils/ChecksumVerifyingInputStream.java
index c80f7c82..cce434a0 100644
--- a/src/main/java/org/apache/commons/compress/utils/ChecksumVerifyingInputStream.java
+++ b/src/main/java/org/apache/commons/compress/utils/ChecksumVerifyingInputStream.java
@@ -65,7 +65,7 @@ public class ChecksumVerifyingInputStream extends InputStream {
             checksum.update(ret);
             --bytesRemaining;
         }
-        if (bytesRemaining == 0 && expectedChecksum != checksum.getValue()) {
+        if (bytesRemaining <= 0 && expectedChecksum != checksum.getValue()) {
             throw new IOException("Checksum verification failed");
         }
         return ret;