diff options
author | Nick Mathewson <nickm@torproject.org> | 2008-12-15 21:18:19 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2008-12-15 21:18:19 +0000 |
commit | 5a6c54aeb95fcfdc70bef20e4a24a0bceed9ba45 (patch) | |
tree | c711d682c8349a5b2b1f2553b3825f058224a97b /TODO | |
parent | eed069baf58952623ea035637eef154e10fa2038 (diff) |
Implement lengths in thandy objects, mostly:
Accept them, and when they're present, don't fetch more bytes than
specified, since that would be dangerous. Include lengths in every
generated object type except for the timestamp, since that would break
exising code.
git-svn-id: file:///home/or/svnrepo/updater/trunk@17629 55e972cd-5a19-0410-ae62-a4d7a52db4cd
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 13 |
1 files changed, 12 insertions, 1 deletions
@@ -28,7 +28,18 @@ o Decouple install from check: they are not necessarily related. any cached yet. - Security stuff that we should do that needs format changes. - 2 Whenever we list a hash in a metafile, also list a file length. + . Whenever we list a hash in a metafile, also list a file length. + o Implement parsing; use length, when present, as a maximum + believable value to make sure we don't download too much + o Include lengths in generated packages and bundles + . Specify use of length field. + - Once everybody has been wanted to update their clients, include + lengths in timestamp files. + - Make lengths mandatory + - Maybe make lengths enforced for purposes other than a maximum + during fetch. + - Maybe stop early if Content-Length is greater than the expected + length. - Think more about issues 4, 7(A,B,C) |