You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by gg...@apache.org on 2022/05/05 17:19:08 UTC
[commons-compress] 02/05: ChecksumVerifyingInputStream.read() does not always validate checksum at end-of-stream.
This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git
commit 4f5af021834caab4dab3b08cd89db30fff6830ec
Author: Gary Gregory <ga...@gmail.com>
AuthorDate: Thu May 5 09:26:04 2022 -0400
ChecksumVerifyingInputStream.read() does not always validate checksum at
end-of-stream.
---
src/changes/changes.xml | 3 +++
.../apache/commons/compress/utils/ChecksumVerifyingInputStream.java | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index ecba8dad..fd207832 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -103,6 +103,9 @@ The <action> type attribute can be add,update,fix,remove.
<action type="fix" dev="ggregory" due-to="Arturo Bernal">
Avoid use C-style array declaration. #282.
</action>
+ <action type="fix" dev="ggregory" due-to="Gary Gregory">
+ ChecksumVerifyingInputStream.read() does not always validate checksum at end-of-stream.
+ </action>
<!-- ADD -->
<action issue="COMPRESS-602" type="add" dev="ggregory" due-to="Postelnicu George, Gary Gregory">
Migrate zip package to use NIO #236.
diff --git a/src/main/java/org/apache/commons/compress/utils/ChecksumVerifyingInputStream.java b/src/main/java/org/apache/commons/compress/utils/ChecksumVerifyingInputStream.java
index c80f7c82..cce434a0 100644
--- a/src/main/java/org/apache/commons/compress/utils/ChecksumVerifyingInputStream.java
+++ b/src/main/java/org/apache/commons/compress/utils/ChecksumVerifyingInputStream.java
@@ -65,7 +65,7 @@ public class ChecksumVerifyingInputStream extends InputStream {
checksum.update(ret);
--bytesRemaining;
}
- if (bytesRemaining == 0 && expectedChecksum != checksum.getValue()) {
+ if (bytesRemaining <= 0 && expectedChecksum != checksum.getValue()) {
throw new IOException("Checksum verification failed");
}
return ret;