Re: Possible file download bug?

public inbox for crossgcc@sourceware.org
 help / color / mirror / Atom feed

From: Alexey Neyman <stilor@att.net>
To: Paul Smith <paul_d_smith@hotmail.com>,
	"crossgcc@sourceware.org" <crossgcc@sourceware.org>
Subject: Re: Possible file download bug?
Date: Fri, 28 Sep 2018 16:40:00 -0000	[thread overview]
Message-ID: <36effe4f-f8ca-46a3-0557-987f636ef299@att.net> (raw)
In-Reply-To: <VI1P192MB035242CAB205FA78EC19D594C8EC0@VI1P192MB0352.EURP192.PROD.OUTLOOK.COM>

On 09/28/2018 06:11 AM, Paul Smith wrote:
> Crossgcc,
>
>
> I wanted to alert you to a possible bug.  I'm using someone else's product that uses an old copy of Crossgcc and I've found the following issue, and from looking at the latest Crossgcc code I suspect the same bug still exists.
>
>
> The issue is in scripts/functions in the code that downloads a file from the web using wget or curl.  My local ISP 'catches' page load errors and returns their own generated HTML error page and the bug I'm seeing results from a file download believing it succeeded when actually it downloaded just a dummy HTML page.
>
>
> In my case the files were always supposed to be variants on Linux tar files so it easy to use the Linux 'file' command to see if the file was actually an HTML page.  I don't know whether you can do the same or whether the files you are downloaded are more diverse and need more careful checking, perhaps outside of the file download function.
>
>
> However I wanted to alert you to this odd behaviour as it soaked up a few hours this morning identifying the cause and a fix.
It has been an issue with some download servers, too (I think, the one 
hosting libelf is an example; SourceForge during their outages is 
another one): instead of an error response, they return a valid 200 code 
with an HTML page. Current crosstool-NG (on master) offers an ability to 
verify the digest of the download (MD5/SHA-1/SHA-256/SHA-512); such 
broken download would fail this verification - so crosstool-NG won't 
save it to the local cache and will bail out with an error. But, it is 
only on master, no released versions do such verification.

Regards,
Alexey.

     prev parent reply	other threads:[~2018-09-28 16:40 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-28 13:11 Paul Smith
2018-09-28 14:22 ` Allan Clark
2018-10-01  7:47   ` Paul Smith
2018-09-28 16:40 ` Alexey Neyman [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=36effe4f-f8ca-46a3-0557-987f636ef299@att.net \
    --to=stilor@att.net \
    --cc=crossgcc@sourceware.org \
    --cc=paul_d_smith@hotmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).