Merge pull request #8 from DanielSidhion/check_security_hash

Check security hash before accepting downloaded files.
This commit is contained in:
Carlos Guerrero 2016-10-22 19:39:03 +03:00 committed by GitHub
commit ca11bc07f8
2 changed files with 47 additions and 39 deletions

2
cachep2p.min.js vendored

File diff suppressed because one or more lines are too long

View file

@ -129,8 +129,15 @@ function CacheP2P(opts, callback){
// debug(b) // debug(b)
// debug(b.toString('utf8')) // debug(b.toString('utf8'))
var got_page = JSON.parse(b.toString('utf8')) var got_page = JSON.parse(b.toString('utf8'))
// self.emit('message', "Got cached version of "+got_page.url+" from web peer, modifying link to point to cache.") // self.emit('message', "Got cached version of "+got_page.url+" from web peer, checking security hash.")
sha(got_page.page, function (page_hash) {
if (page_hash != self.security_sha1[got_page.url]) {
self.emit('message', 'Cached version of ' + got_page.url + ' has wrong security hash. This is possibly malicious content! Ignoring the version obtained.');
return;
}
self.emit('message', 'Cached version of ' + got_page.url + ' has a verified security hash! Proceeding by changing links in page.');
cached_link_lists[got_page.url] = got_page cached_link_lists[got_page.url] = got_page
self.update_links() self.update_links()
@ -157,6 +164,7 @@ function CacheP2P(opts, callback){
} }
} }
} }
});
}) })
}) })
} }