[cmake-developers] [PATCH] Fix infinite loop in file downloads if hash value not a match
Alan W. Irwin
irwin at beluga.phys.uvic.ca
Mon Sep 8 15:52:09 EDT 2014
I was caught by this infinite loop issue when attempting to build
Qt5.3.1 using ExternalProject.cmake. I used an MD5 sum value given by
BLFS for the Qt5.3.1 tar.gz download which happened to be the wrong
value. In my case the consequences were not too bad because I
was "downloading" from a local disk drive "URL". However, this
infinite loop could be construed as a denial-of-service attack
on some open-source project if an actual download keeps getting
repeated indefinitely. Note this bad retries logic in the downloads
was introduced after CMake-2.8.12.2, and a search of the bug tracker
for "infinite" shows nothing relevant.
See attached patch in "git format-patch" form that fixes the problem
for the CMake master branch.
Alan
__________________________
Alan W. Irwin
Astronomical research affiliation with Department of Physics and Astronomy,
University of Victoria (astrowww.phys.uvic.ca).
Programming affiliations with the FreeEOS equation-of-state
implementation for stellar interiors (freeeos.sf.net); the Time
Ephemerides project (timeephem.sf.net); PLplot scientific plotting
software package (plplot.sf.net); the libLASi project
(unifont.org/lasi); the Loads of Linux Links project (loll.sf.net);
and the Linux Brochure Project (lbproject.sf.net).
__________________________
Linux-powered Science
__________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-infinite-loop-in-file-downloads-if-hash-value-no.patch
Type: text/x-diff
Size: 841 bytes
Desc: Fix for ExternalProject.cmake
URL: <http://public.kitware.com/pipermail/cmake-developers/attachments/20140908/6f584082/attachment.patch>
More information about the cmake-developers
mailing list