/pidgin/main: 7ca529729634: Remove purple_util_get_image_checksu...
Mark Doliner
mark at kingant.net
Tue Feb 19 01:13:24 EST 2013
Changeset: 7ca52972963453b64c3fef3549442e3bd5e64175
Author: Mark Doliner <mark at kingant.net>
Date: 2013-02-18 22:13 -0800
Branch: default
URL: http://hg.pidgin.im/pidgin/main/rev/7ca529729634
Description:
Remove purple_util_get_image_checksum and use
g_compute_checksum_for_data(G_CHECKSUM_SHA1, ...), instead
diffstat:
ChangeLog.API | 2 ++
libpurple/smiley.c | 3 ++-
libpurple/util.c | 38 +++++---------------------------------
libpurple/util.h | 5 -----
4 files changed, 9 insertions(+), 39 deletions(-)
diffs (91 lines):
diff --git a/ChangeLog.API b/ChangeLog.API
--- a/ChangeLog.API
+++ b/ChangeLog.API
@@ -231,6 +231,8 @@ version 3.0.0 (??/??/????):
* purple_util_fetch_url_request, instead.
* purple_util_fetch_url_request_len_with_account. Use
purple_util_fetch_url_request, instead.
+ * purple_util_get_image_checksum. Use
+ g_compute_checksum_for_data(G_CHECKSUM_SHA1, ...), instead.
* PurpleCertificateVerificationStatus.PURPLE_CERTIFICATE_INVALID
* PurpleConnectionUiOps.report_disconnect_reason
* PurplePluginProtocolInfo.add_buddy_with_invite
diff --git a/libpurple/smiley.c b/libpurple/smiley.c
--- a/libpurple/smiley.c
+++ b/libpurple/smiley.c
@@ -348,7 +348,8 @@ purple_smiley_set_property(GObject *obje
smiley->img = img;
if (img) {
- smiley->checksum = purple_util_get_image_checksum(
+ smiley->checksum = g_compute_checksum_for_data(
+ G_CHECKSUM_SHA1,
purple_imgstore_get_data(img),
purple_imgstore_get_size(img));
purple_smiley_data_store(img);
diff --git a/libpurple/util.c b/libpurple/util.c
--- a/libpurple/util.c
+++ b/libpurple/util.c
@@ -3180,42 +3180,14 @@ purple_util_get_image_extension(gconstpo
return "icon";
}
-/*
- * We thought about using non-cryptographic hashes like CRC32 here.
- * They would be faster, but we think using something more secure is
- * important, so that it is more difficult for someone to maliciously
- * replace one buddy's icon with something else.
- */
-char *
-purple_util_get_image_checksum(gconstpointer image_data, size_t image_len)
-{
- PurpleCipherContext *context;
- gchar digest[41];
-
- context = purple_cipher_context_new_by_name("sha1", NULL);
- if (context == NULL)
- {
- purple_debug_error("util", "Could not find sha1 cipher\n");
- g_return_val_if_reached(NULL);
- }
-
- /* Hash the image data */
- purple_cipher_context_append(context, image_data, image_len);
- if (!purple_cipher_context_digest_to_str(context, sizeof(digest), digest, NULL))
- {
- purple_debug_error("util", "Failed to get SHA-1 digest.\n");
- g_return_val_if_reached(NULL);
- }
- purple_cipher_context_destroy(context);
-
- return g_strdup(digest);
-}
-
char *
purple_util_get_image_filename(gconstpointer image_data, size_t image_len)
{
- /* Return the filename */
- char *checksum = purple_util_get_image_checksum(image_data, image_len);
+ /* Use a cryptographic hash to avoid the possibility of user A
+ intentionally causing a collision with user B. It's not a
+ horrible problem, but it's something we should try to avoid. */
+ char *checksum = g_compute_checksum_for_data(G_CHECKSUM_SHA1,
+ image_data, image_len);
char *filename = g_strdup_printf("%s.%s", checksum,
purple_util_get_image_extension(image_data, image_len));
g_free(checksum);
diff --git a/libpurple/util.h b/libpurple/util.h
--- a/libpurple/util.h
+++ b/libpurple/util.h
@@ -823,11 +823,6 @@ const char *
purple_util_get_image_extension(gconstpointer data, size_t len);
/**
- * Returns a SHA-1 hash string of the data passed in.
- */
-char *purple_util_get_image_checksum(gconstpointer image_data, size_t image_len);
-
-/**
* @return A hex encoded version of the SHA-1 hash of the data passed
* in with the correct file extention appended. The file
* extension is determined by calling
More information about the Commits
mailing list