immutable: prevent clients from reading past the end of share data, which would allow...

Declare explicitly that we prevent this problem in the server's version dict.
fixes #1528 (there are two patches that are each a sufficient fix to #1528 and this is one of them)

diff --git a/src/allmydata/storage/immutable.py b/src/allmydata/storage/immutable.py
index b7c4a9f9eaa0a5c29861c22d8219bb8b90bfccfc..a50ff422d607c13845584cc3ba6556630e5d86dc 100644 (file)
--- a/src/allmydata/storage/immutable.py
+++ b/src/allmydata/storage/immutable.py
@@ -83,11 +83,9 @@ class ShareFile:
     def read_share_data(self, offset, length):
         precondition(offset >= 0)
         # reads beyond the end of the data are truncated. Reads that start
-        # beyond the end of the data return an empty string. I wonder why
-        # Python doesn't do the following computation for me?
+        # beyond the end of the data return an empty string.
         seekpos = self._data_offset+offset
-        fsize = os.path.getsize(self.home)
-        actuallength = max(0, min(length, fsize-seekpos))
+        actuallength = max(0, min(length, self._lease_offset-seekpos))
         if actuallength == 0:
             return ""
         f = open(self.home, 'rb')

diff --git a/src/allmydata/storage/server.py b/src/allmydata/storage/server.py
index 8350e813c11c709af7dd6d97aab355c76e6d23c9..7dd3cb4722b3036697ce5f733acbaafd1c85c711 100644 (file)
--- a/src/allmydata/storage/server.py
+++ b/src/allmydata/storage/server.py
@@ -222,6 +222,7 @@ class StorageServer(service.MultiService, Referenceable):
                     { "maximum-immutable-share-size": remaining_space,
                       "tolerates-immutable-read-overrun": True,
                       "delete-mutable-shares-with-zero-length-writev": True,
+                      "prevents-read-past-end-of-share-data": True,
                       },
                     "application-version": str(allmydata.__full_version__),
                     }