Add lengths to the timestamp file.

This might break old clients, but AFAICT there are no clients running versions
prior to 15 Dec.  It's necessary to avoid some DOS attacks.

3 files changed, 17 insertions, 12 deletions

diff --git a/TODO b/TODO
index e4a2fa1..6fec3a3 100644
--- a/TODO
+++ b/TODO
@@ -33,7 +33,7 @@ o Decouple install from check: they are not necessarily related.
       believable value to make sure we don't download too much
     o Include lengths in generated packages and bundles
     . Specify use of length field.
-    - Once everybody has been wanted to update their clients, include
+    o Once everybody has been wanted to update their clients, include
       lengths in timestamp files.
     - Make lengths mandatory
     - Maybe make lengths enforced for purposes other than a maximum
diff --git a/lib/thandy/ServerCLI.py b/lib/thandy/ServerCLI.py
index d9c0f04..9212846 100644
--- a/lib/thandy/ServerCLI.py
+++ b/lib/thandy/ServerCLI.py
@@ -24,7 +24,8 @@ def snarf(fname):
 def snarfObj(fname):
     f = open(fname, 'r')
     try:
-        return json.load(f)
+        length = os.fstat(f.fileno()).st_size
+        return json.load(f), length
     finally:
         f.close()
 
@@ -127,12 +128,12 @@ def timestamp(args):
     tsFname = os.path.join(repo, "meta/timestamp.txt")
 
     try:
-        mObj = snarfObj(os.path.join(repo, "meta/mirrors.txt"))
+        mObj, mLen = snarfObj(os.path.join(repo, "meta/mirrors.txt"))
     except OSError:
         print "No mirror list!"
         sys.exit(1)
     try:
-        kObj = snarfObj(os.path.join(repo, "meta/keys.txt"))
+        kObj, kLen = snarfObj(os.path.join(repo, "meta/keys.txt"))
     except OSError:
         print "No key list!"
         sys.exit(1)
@@ -142,7 +143,7 @@ def timestamp(args):
         for fn in fns:
             fn = os.path.join(dirpath, fn)
             try:
-                bObj = snarfObj(fn)
+                bObj, bLen = snarfObj(fn)
             except (ValueError, OSError, IOError), e:
                 print "(Couldn't read bundle-like %s: %s)"%(fn, e)
                 continue
@@ -154,10 +155,11 @@ def timestamp(args):
             if r != "bundle":
                 print "%s was not a good bundle"%fn
                 continue
-            bundles.append(bObj['signed'])
+            bundles.append((bObj['signed'], bLen))
 
     timestamp = thandy.formats.makeTimestampObj(
-        mObj['signed'], kObj['signed'], bundles)
+        mObj['signed'], mLen, kObj['signed'], kLen,
+        bundles)
     signable = thandy.formats.makeSignable(timestamp)
 
     keydb = thandy.formats.Keylist()
diff --git a/lib/thandy/formats.py b/lib/thandy/formats.py
index b82bf05..5429d5c 100644
--- a/lib/thandy/formats.py
+++ b/lib/thandy/formats.py
@@ -794,19 +794,22 @@ def getBundleKey(bundlePath):
     idx = bundlePath.rindex("/")
     return bundlePath[:idx+1]
 
-def makeTimestampObj(mirrorlist_obj, keylist_obj,
+def makeTimestampObj(mirrorlist_obj, mirrorlist_len,
+                     keylist_obj, keylist_len,
                      bundle_objs):
     result = { '_type' : 'Timestamp',
                'at' : formatTime(time.time()) }
     result['m'] = [ mirrorlist_obj['ts'],
-                    formatHash(getDigest(mirrorlist_obj)) ]
+                    formatHash(getDigest(mirrorlist_obj)),
+                    mirrorlist_len ]
     result['k'] = [ keylist_obj['ts'],
-                    formatHash(getDigest(keylist_obj)) ]
+                    formatHash(getDigest(keylist_obj)),
+                    keylist_len ]
     result['b'] = bundles = {}
-    for bundle in bundle_objs:
+    for bundle, bundleLen in bundle_objs:
         k = getBundleKey(bundle['location'])
         v = bundle['version']
-        entry = [ v, bundle['location'], bundle['at'], formatHash(getDigest(bundle)) ]
+        entry = [ v, bundle['location'], bundle['at'], formatHash(getDigest(bundle)), bundleLen ]
         if not bundles.has_key(k) or versionIsNewer(v, bundles[k][0]):
             bundles[k] = entry