https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7418

            Bug ID: 7418
           Summary: SHA1 verification of rule updates fails if curl is
                    used
           Product: Spamassassin
           Version: 3.4.1
          Hardware: PC
                OS: Windows 7
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sa-update
          Assignee: dev@spamassassin.apache.org
          Reporter: pu...@jam-software.com
  Target Milestone: Undefined

On Windows, if curl (or another external tool) is used by sa-update for 
downloading rule updates, the SHA1 verification of the downloaded files will 
fail.

The reason is that Windows uses different line endings than Unix. If you read a 
file in "text mode" in Perl, the line endings will automatically be converted. 
If you then calculate a hash of the contents of a binary file, you will not get 
the expected result. A binary file needs to be read in "binary mode" by calling 
binmode [^1] on the file handle before reading from the file.

[^1]: http://perldoc.perl.org/functions/binmode.html

I have attached a patch that fixes the problem. It does so, by always calling 
binmode if necessary. There is no good way for the subroutine `http_get` to 
tell whether the file it has downloaded is a text file or a binary file. (The 
routine could consider the MIME type, but that seemed overly complicated to 
me). That is why I have decided to extract a new subroutine (`read_content`) 
that will read the content, and that takes a parameter `$binary_mode` which 
allows the user of the routine to tell it in which mode the file needs to be 
read. `http_get` will not return the content of the file anymore. I have 
adjusted all places where the routine is used accordingly.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to