Index: /trunk/src/VBox/Main/include/ApplianceImplPrivate.h =================================================================== --- /trunk/src/VBox/Main/include/ApplianceImplPrivate.h (revision 45353) +++ /trunk/src/VBox/Main/include/ApplianceImplPrivate.h (revision 45354) @@ -48,4 +48,5 @@ { enum ApplianceState { ApplianceIdle, ApplianceImporting, ApplianceExporting }; + enum digest_T {SHA1, SHA256}; Data() @@ -75,4 +76,6 @@ bool fManifest; // Create a manifest file on export bool fSha256; // true = SHA256 (OVF 2.0), false = SHA1 (OVF 1.0) + Utf8Str strOVFSHADigest;//SHA digest of OVf file. It is stored here after reading OVF file (before import) + RTCList optList; @@ -88,5 +91,4 @@ ULONG ulTotalDisksMB; ULONG cDisks; - Utf8Str strOVFSHADigest; std::list llGuidsMachinesCreated; @@ -226,4 +228,6 @@ Utf8Str convertNetworkAttachmentTypeToString(NetworkAttachmentType_T type); +bool checkComplianceDigestAndOVFVersion(bool digestType, ovf::OVFVersion_T ovfVersion); + typedef struct SHASTORAGE { Index: /trunk/src/VBox/Main/include/ovfreader.h =================================================================== --- /trunk/src/VBox/Main/include/ovfreader.h (revision 45353) +++ /trunk/src/VBox/Main/include/ovfreader.h (revision 45354) @@ -179,4 +179,17 @@ return OVFVersion_unknown; } + + + RTCString getStringOVFVersion() const + { + if(version == "0.9") + return "0.9"; + else if(version == "1.0") + return "1.0"; + else if(version == "2.0") + return "2.0"; + else + return ""; + } }; Index: /trunk/src/VBox/Main/src-server/ApplianceImpl.cpp =================================================================== --- /trunk/src/VBox/Main/src-server/ApplianceImpl.cpp (revision 45353) +++ /trunk/src/VBox/Main/src-server/ApplianceImpl.cpp (revision 45354) @@ -274,4 +274,14 @@ } +bool checkComplianceDigestAndOVFVersion(bool digestType, ovf::OVFVersion_T ovfVersion) +{ + bool res = false; + if ((ovfVersion == ovf::OVFVersion_2_0 && digestType == true) || + (ovfVersion == ovf::OVFVersion_1_0 && digestType == false) || + (ovfVersion == ovf::OVFVersion_0_9 && digestType == false)) + res = true; + return res; +} + //////////////////////////////////////////////////////////////////////////////// // Index: /trunk/src/VBox/Main/src-server/ApplianceImplImport.cpp =================================================================== --- /trunk/src/VBox/Main/src-server/ApplianceImplImport.cpp (revision 45353) +++ /trunk/src/VBox/Main/src-server/ApplianceImplImport.cpp (revision 45354) @@ -837,9 +837,9 @@ Utf8Str strMfFile = Utf8Str(pTask->locInfo.strPath).stripExt().append(".mf"); + SHASTORAGE storage; + RT_ZERO(storage); + if (RTFileExists(strMfFile.c_str())) { - SHASTORAGE storage; - RT_ZERO(storage); - pShaIo = ShaCreateInterface(); if (!pShaIo) @@ -851,16 +851,24 @@ //read the manifest file and find a type of used digest RTFILE pFile = NULL; - RTFileOpen(&pFile, strMfFile.c_str(), RTFILE_O_OPEN | RTFILE_O_READ | RTFILE_O_DENY_NONE); + vrc = RTFileOpen(&pFile, strMfFile.c_str(), RTFILE_O_OPEN | RTFILE_O_READ | RTFILE_O_DENY_NONE); if(RT_SUCCESS(vrc) && pFile != NULL) { uint64_t cbFile = 0; + uint64_t maxFileSize = _1M; size_t cbRead = 0; void *pBuf; vrc = RTFileGetSize(pFile, &cbFile); - if(RT_SUCCESS(vrc) && cbFile > 0) + if (cbFile > maxFileSize) + throw setError(VBOX_E_FILE_ERROR, + tr("Size of the manifest file '%s' is bigger than 1Mb. Check it, please."), + RTPathFilename(strMfFile.c_str())); + + if (RT_SUCCESS(vrc)) pBuf = RTMemAllocZ(cbFile); else - throw vrc; + throw setError(VBOX_E_FILE_ERROR, + tr("Could not get size of the manifest file '%s' "), + RTPathFilename(strMfFile.c_str())); vrc = RTFileRead(pFile, pBuf, cbFile, &cbRead); @@ -871,5 +879,5 @@ RTMemFree(pBuf); throw setError(VBOX_E_FILE_ERROR, - tr("Could not read manifest file '%s' (%Rrc)"), + tr("Could not read the manifest file '%s' (%Rrc)"), RTPathFilename(strMfFile.c_str()), vrc); } @@ -893,30 +901,31 @@ storage.fSha256 = true; } - else - { - storage.fSha256 = false; - } + + vrc = VDInterfaceAdd(&pFileIo->Core, "Appliance::IOFile", + VDINTERFACETYPE_IO, 0, sizeof(VDINTERFACEIO), + &storage.pVDImageIfaces); + if (RT_FAILURE(vrc)) + throw setError(VBOX_E_IPRT_ERROR, "Creation of the VD interface failed (%Rrc)", vrc); + + rc = readFSImpl(pTask, pTask->locInfo.strPath, pShaIo, &storage); + if (FAILED(rc)) + break; } - - /////////////////////////////////////////// - - vrc = VDInterfaceAdd(&pFileIo->Core, "Appliance::IOFile", - VDINTERFACETYPE_IO, 0, sizeof(VDINTERFACEIO), - &storage.pVDImageIfaces); - if (RT_FAILURE(vrc)) - rc = setError(VBOX_E_IPRT_ERROR, "Creation of the VD interface failed (%Rrc)", vrc); - - storage.fCreateDigest = true; - - rc = readFSImpl(pTask, pTask->locInfo.strPath, pShaIo, &storage); + else + { + throw setError(VBOX_E_FILE_ERROR, + tr("Could not open the manifest file '%s' (%Rrc)"), + RTPathFilename(strMfFile.c_str()), vrc); + } } else - rc = readFSImpl(pTask, pTask->locInfo.strPath, pFileIo, NULL); + { + storage.fCreateDigest = false; + rc = readFSImpl(pTask, pTask->locInfo.strPath, pFileIo, &storage); + if (FAILED(rc)) + break; + } } catch (HRESULT rc2) - { - rc = rc2; - } - catch (int rc2) { rc = rc2; @@ -942,49 +951,127 @@ RTTAR tar; - int vrc = RTTarOpen(&tar, pTask->locInfo.strPath.c_str(), RTFILE_O_OPEN | RTFILE_O_READ | RTFILE_O_DENY_NONE, true); - if (RT_FAILURE(vrc)) - return setError(VBOX_E_FILE_ERROR, - tr("Could not open OVA file '%s' (%Rrc)"), - pTask->locInfo.strPath.c_str(), vrc); - HRESULT rc = S_OK; - + int vrc = 0; PVDINTERFACEIO pShaIo = 0; PVDINTERFACEIO pTarIo = 0; char *pszFilename = 0; - do - { + void *pBuf = NULL; + SHASTORAGE storage; + + RT_ZERO(storage); + + try + { + vrc = RTTarOpen(&tar, pTask->locInfo.strPath.c_str(), RTFILE_O_OPEN | RTFILE_O_READ | RTFILE_O_DENY_NONE, true); + if (RT_FAILURE(vrc)) + { + return setError(VBOX_E_FILE_ERROR, + tr("Could not open the OVA file '%s' (%Rrc)"), + pTask->locInfo.strPath.c_str(), vrc); + } + vrc = RTTarCurrentFile(tar, &pszFilename); if (RT_FAILURE(vrc)) { - rc = VBOX_E_FILE_ERROR; - break; + throw setError(VBOX_E_FILE_ERROR, + tr("Could not extract the OVF file from the OVA package (%Rrc)"), + vrc); } - pShaIo = ShaCreateInterface(); - if (!pShaIo) - { - rc = E_OUTOFMEMORY; - break; + + //find the manifest file + Utf8Str strMfFile = Utf8Str(pszFilename).stripPath().stripExt().append(".mf"); + vrc = RTTarFileExists(pTask->locInfo.strPath.c_str(), strMfFile.c_str()); + if (RT_SUCCESS(vrc)) + { + //read the manifest file and find a type of used digest + size_t cbRead = 0; + RTDIGESTTYPE digestType = RTDIGESTTYPE_UNKNOWN; + + vrc = RTTarExtractFileToBuf(pTask->locInfo.strPath.c_str(), &pBuf, &cbRead, strMfFile.c_str(), NULL, NULL); + if (RT_FAILURE(vrc)) + { + throw setError(VBOX_E_FILE_ERROR, + tr("Could not read the manifest file '%s' (%Rrc) from OVA package"), + RTPathFilename(strMfFile.c_str()), vrc); + } + + vrc = RTManifestVerifyDigestType(pBuf, cbRead, digestType); + + if (RT_FAILURE(vrc)) + { + throw setError(VBOX_E_FILE_ERROR, + tr("Could not verify supported digest types in the manifest file '%s' (%Rrc)"), + RTPathFilename(strMfFile.c_str()), vrc); + } + + storage.fCreateDigest = true; + + if (digestType == RTDIGESTTYPE_SHA256) + { + storage.fSha256 = true; + } } - pTarIo = TarCreateInterface(); - if (!pTarIo) - { - rc = E_OUTOFMEMORY; - break; + } + catch (HRESULT res) + { + rc = res; + } + + if (pBuf) + RTMemFree(pBuf); + + RTTarClose(tar); + + + if (SUCCEEDED(rc)) + { + vrc = RTTarOpen(&tar, pTask->locInfo.strPath.c_str(), RTFILE_O_OPEN | RTFILE_O_READ | RTFILE_O_DENY_NONE, true); + if (RT_FAILURE(vrc)) + rc = setError(VBOX_E_FILE_ERROR, + tr("Could not open the OVA file '%s' (%Rrc)"), + pTask->locInfo.strPath.c_str(), vrc); + else + { + do + { + vrc = RTTarCurrentFile(tar, &pszFilename); + if (RT_FAILURE(vrc)) + { + rc = VBOX_E_FILE_ERROR; + break; + } + pTarIo = TarCreateInterface(); + if (!pTarIo) + { + rc = E_OUTOFMEMORY; + break; + } + + pShaIo = ShaCreateInterface(); + if (!pShaIo) + { + rc = E_OUTOFMEMORY; + break ; + } + + vrc = VDInterfaceAdd(&pTarIo->Core, "Appliance::IOTar", + VDINTERFACETYPE_IO, tar, sizeof(VDINTERFACEIO), + &storage.pVDImageIfaces); + if (RT_FAILURE(vrc)) + { + rc = setError(VBOX_E_IPRT_ERROR, "Creation of the VD interface failed (%Rrc)", vrc); + break; + } + + rc = readFSImpl(pTask, pszFilename, pShaIo, &storage); + if (FAILED(rc)) + break; + + }while(0); + + RTTarClose(tar); } - SHASTORAGE storage; - RT_ZERO(storage); - vrc = VDInterfaceAdd(&pTarIo->Core, "Appliance::IOTar", - VDINTERFACETYPE_IO, tar, sizeof(VDINTERFACEIO), - &storage.pVDImageIfaces); - if (RT_FAILURE(vrc)) - { - rc = setError(VBOX_E_IPRT_ERROR, "Creation of the VD interface failed (%Rrc)", vrc); - break; - } - rc = readFSImpl(pTask, pszFilename, pShaIo, &storage); - }while(0); - - RTTarClose(tar); + } + /* Cleanup */ @@ -1007,6 +1094,4 @@ HRESULT rc = S_OK; - - pStorage->fCreateDigest = true; void *pvTmpBuf = 0; @@ -1023,4 +1108,16 @@ /* Copy the SHA1/SHA256 sum of the OVF file for later validation */ m->strOVFSHADigest = pStorage->strDigest; + + if (pStorage->fCreateDigest) + { + m->fManifest = true; + /* Save a type of used SHA algorithm. Type was extracted during pre-reading manifest (.mf) file*/ + m->fSha256 = pStorage->fSha256; + } + else + { + m->fManifest = false; + } + /* Read & parse the XML structure of the OVF file */ m->pReader = new ovf::OVFReader(pvTmpBuf, cbSize, pTask->locInfo.strPath); @@ -1322,4 +1419,7 @@ Utf8Str strMfFile = Utf8Str(pTask->locInfo.strPath).stripExt().append(".mf"); + SHASTORAGE storage; + RT_ZERO(storage); + /* Create the import stack for the rollback on errors. */ ImportStack stack(pTask->locInfo, m->pReader->m_mapDisks, pTask->pProgress); @@ -1327,7 +1427,4 @@ if (RTFileExists(strMfFile.c_str())) { - SHASTORAGE storage; - RT_ZERO(storage); - pShaIo = ShaCreateInterface(); if (!pShaIo) @@ -1335,4 +1432,5 @@ storage.fCreateDigest = true; + int vrc = VDInterfaceAdd(&pFileIo->Core, "Appliance::IOFile", VDINTERFACETYPE_IO, 0, sizeof(VDINTERFACEIO), @@ -1342,5 +1440,5 @@ size_t cbMfSize = 0; - storage.fCreateDigest = true; + /* Now import the appliance. */ importMachines(stack, pShaIo, &storage); @@ -1354,5 +1452,8 @@ } else - importMachines(stack, pFileIo, NULL); + { + storage.fCreateDigest = false; + importMachines(stack, pFileIo, &storage); + } } catch (HRESULT rc2) @@ -1741,5 +1842,5 @@ if (RT_UNLIKELY(vrc == VERR_MANIFEST_DIGEST_MISMATCH)) rc = setError(VBOX_E_FILE_ERROR, - tr("The SHA1 digest of '%s' does not match the one in '%s' (%Rrc)"), + tr("The SHA digest of '%s' does not match the one in '%s' (%Rrc)"), RTPathFilename(paTests[iFailed].pszTestFile), RTPathFilename(strFile.c_str()), vrc); else if (RT_FAILURE(vrc)) @@ -2914,5 +3015,14 @@ const ovf::OVFVersion_T ovfVersion = reader.m_envelopeData.getOVFVersion(); - if ( ovfVersion == ovf::OVFVersion_2_0) + /* check compliance between OVF file and MF file (correctly used type of SHA digest)*/ + if (m->fManifest && !checkComplianceDigestAndOVFVersion(m->fSha256, ovfVersion)) + { + RTCString ovfVer = reader.m_envelopeData.getStringOVFVersion(); + throw setError(VBOX_E_FILE_ERROR, + tr("Incompliance between found OVF standard version %s in the OVF file and used digest %s"), + ovfVer.c_str(), (m->fSha256 == false)? "SHA1":"SHA256"); + } + + if (ovfVersion == ovf::OVFVersion_2_0) pStorage->fSha256 = true; Index: /trunk/src/VBox/Runtime/VBox/VBoxRTImp.def =================================================================== --- /trunk/src/VBox/Runtime/VBox/VBoxRTImp.def (revision 45353) +++ /trunk/src/VBox/Runtime/VBox/VBoxRTImp.def (revision 45354) @@ -664,4 +664,5 @@ RTManifestVerifyFiles RTManifestVerifyFilesBuf + RTManifestVerifyDigestType RTManifestWriteFiles RTManifestWriteFilesBuf Index: /trunk/src/VBox/Runtime/common/checksum/manifest.cpp =================================================================== --- /trunk/src/VBox/Runtime/common/checksum/manifest.cpp (revision 45353) +++ /trunk/src/VBox/Runtime/common/checksum/manifest.cpp (revision 45354) @@ -322,4 +322,7 @@ break; } + + pcBuf += cch; + cbRead += cch; }