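#!/bin/sh
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
#
# $Id$
#
# Prevents some SHA-1 collisions from being committed.
# Tests for the 320-byte prefix found on https://shattered.io/
# If the files are committed in the same transaction, svnlook
# will error out itself due to the apparent corruption in the
# candidate revision.
#
# Arguments:
#   $1 - repository path
#   $2 - transaction name (passed to svnlook -t)
# Exit status:
#   0 - no changed file starts with the known colliding prefix
#   2 - svnlook could not list the transaction
#   3 - a changed file starts with the known colliding prefix
#
# Scope: this is a denylist for one known prefix only. A collision built
# on any other prefix is not detected by this script.

REPOS="$1"
TXN="$2"
SVNLOOK=/usr/bin/svnlook

# SHA-1 of the 320-byte prefix this hook rejects.
KNOWN_PREFIX_SHA1='f92d74e3874587aaf443d1db961d4e26dde13e9c'

# List the transaction once and keep the output. A failure here is treated
# as a possible collision and the commit is refused; svnlook's own
# diagnostics go to stderr unchanged.
if ! CHANGED=$("$SVNLOOK" changed -t "$TXN" "$REPOS"); then
  echo "svnlook failed, possible SHA-1 collision" >&2
  exit 2
fi

# Walk the listing line by line rather than word by word: splitting on
# whitespace would truncate any path containing a space (and glob-expand
# paths containing wildcards), so such a file would never be hashed and
# would pass the check unexamined.
# The here-document keeps the loop in the current shell, so "exit 3"
# ends the hook itself and not just a pipeline subshell.
while IFS= read -r LINE; do
  case "$LINE" in
    '' | 'D '* | */) continue ;;   # blank line, deletion, or directory entry
  esac

  # "svnlook changed" prints a 4-column status field before the path.
  FILE=${LINE#????}

  # NOTE(review): the pipeline status is that of cut, so a failing
  # "svnlook cat" hashes empty or partial input and the file is accepted
  # (fail-open). head and cut are resolved through PATH; Subversion
  # normally runs hooks with an empty environment, so this relies on the
  # shell's built-in default PATH.
  PREFIX=$("$SVNLOOK" cat -t "$TXN" "$REPOS" "$FILE" </dev/null \
    | head -c320 | /usr/bin/sha1sum | cut -c-40)

  # "=" is the POSIX string comparison. "==" is not a POSIX test operator
  # and some /bin/sh implementations reject it, which would make this
  # comparison silently false and let the colliding file through.
  if [ "$PREFIX" = "$KNOWN_PREFIX_SHA1" ]; then
    echo "known SHA-1 collision rejected" >&2
    exit 3
  fi
done <<EOF
$CHANGED
EOF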