From c2eba9490b126fdae6a83d43bde21bdbee4becae Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Wed, 21 Mar 2012 22:01:40 +0000
Subject: [PATCH] Introduced private methods for validation of hash and serial number (very basic check)
---
 .../handler/chunks/class_ChunkHandler.php | 59 ++++++++++++++++---
 1 file changed, 52 insertions(+), 7 deletions(-)

diff --git a/application/hub/main/handler/chunks/class_ChunkHandler.php b/application/hub/main/handler/chunks/class_ChunkHandler.php
index e15d38587..6d4d94918 100644
--- a/application/hub/main/handler/chunks/class_ChunkHandler.php
+++ b/application/hub/main/handler/chunks/class_ChunkHandler.php
@@ -68,6 +68,40 @@ class ChunkHandler extends BaseHandler implements HandleableChunks, Registerable
 return $handlerInstance;
 }
 
+ /**
+ * Checks whether the hash generated from package content is the same ("valid") as given
+ *
+ * @param $chunkSplits An array from a splitted chunk
+ * @return $isValid Whether the hash is "valid"
+ */
+ private function isChunkHashValid (array $chunkSplits) {
+ // Now hash the raw data again
+ $chunkHash = $this->getCryptoInstance()->hashString($chunkSplits[2], $chunkSplits[0], false);
+
+ // Debug output
+ //* NOISY-DEBUG: */ $this->debugOutput('CHUNK-HANDLER: chunkHash=' . $chunkHash . ',chunkSplits[0]=' . $chunkSplits[0] . ',chunkSplits[1]=' . $chunkSplits[1]);
+
+ // Check it
+ $isValid = ($chunkSplits[0] === $chunkHash);
+
+ // ... and return it
+ return $isValid;
+ }
+
+ /**
+ * Checks whether the given serial number is valid
+ *
+ * @param $serialNumber A serial number from a chunk
+ * @return $isValid Whether the serial number is valid
+ */
+ private function isSerialNumberValid ($serialNumber) {
+ // Check it
+ $isValid = ((strlen($serialNumber) == PackageFragmenter::MAX_SERIAL_LENGTH) && ($this->bigintval($serialNumber, false) === $serialNumber));
+
+ // Return result
+ return $isValid;
+ }
+
 /**
 * Adds all chunks if the last one verifies as a 'final chunk'.
 *
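Review bot: `isChunkHashValid()` reads `$chunkSplits[0]` and `$chunkSplits[2]` without checking the array's shape itself; the only guard visible in this patch is the caller's `assert(count($chunkSplits) == 3)`, and assertions can be switched off in production configurations. A first line such as `if (count($chunkSplits) != 3) { return false; }` would make the helper safe on its own. The docblock should also say that the expected hash arrives in the same chunk as the data, so a match shows the chunk was not corrupted in transit but does not by itself authenticate the sender (unless `hashString()`, which is not shown here, mixes in a secret). For `isSerialNumberValid()` the docblock could state the accepted alphabet and that `$serialNumber` must be a string, since the `===` against the result of `bigintval()` presumably fails for any other type.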
@@ -127,14 +161,11 @@ class ChunkHandler extends BaseHandler implements HandleableChunks, Registerable
 */
 assert(count($chunkSplits) == 3);
 
- // Now hash the raw data again
- $chunkHash = $this->getCryptoInstance()->hashString($chunkSplits[2], $chunkSplits[0], false);
-
- // Debug output
- //* NOISY-DEBUG: */ $this->debugOutput('CHUNK-HANDLER: chunkHash=' . $chunkHash . ',chunkSplits[0]=' . $chunkSplits[0] . ',chunkSplits[1]=' . $chunkSplits[1]);
+ // Is the generated hash from data same ("valid") as given hash?
+ if (!$this->isChunkHashValid($chunkSplits)) {
+ // Do some logging
+ $this->debugOutput('CHUNK-HANDLER: Chunk content is not validating against given hash.');
 
- // Is it the same?
- if ($chunkSplits[0] != $chunkHash) {
 // Re-request this chunk (trust the hash in index # 0)
 $this->rerequestChunkBySplitsArray($chunkSplits);
 
@@ -142,10 +173,24 @@ class ChunkHandler extends BaseHandler implements HandleableChunks, Registerable
 return;
 } // END - if
 
+ // Is the serial number valid (chars 0-9, length equals PackageFragmenter::MAX_SERIAL_LENGTH)?
+ if (!$this->isSerialNumberValid($chunkSplits[1])) {
+ // Do some logging
+ $this->debugOutput('CHUNK-HANDLER: Chunk serial number is invalid.');
+
+ // Re-request this chunk
+ $this->rerequestChunkBySplitsArray($chunkSplits);
+
+ // Don't process this chunk
+ return;
+ } // END - if
+
 /*
 * It is now known that (as long as the hash algorithm has no
 * collisions) the content is the same as the sender sends it to this
 * peer.
+ *
+ * And also the serial number is valid (basicly) at this point.
 */
 die('chunk=' . $chunk . chr(10));
 }
--
2.39.2
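Review bot: Nothing in the visible code bounds how often a chunk is re-requested after the failed `isChunkHashValid()` check, so a peer that keeps delivering a non-validating chunk triggers a new request each time; the serial-number branch added in the next hunk has the same shape. `rerequestChunkBySplitsArray()` is outside this patch and may already cap retries, but if it does not, a per-hash retry counter belongs here, and at minimum a comment such as `// TODO: limit re-requests per chunk hash and give up after N failures` should record the gap. The new log line would also be easier to act on if it identified the chunk, with the received hash cleaned of control characters before it is written, since it is peer-supplied. The enclosing method starts and ends outside this hunk.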
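Review bot: The serial number is not an input to the hash check, as far as the visible call shows (`hashString()` receives elements 2 and 0 only), so the added comment's "the serial number is valid" can only mean format-valid, not that it is the serial the sender assigned. A changed serial of the right length and digits would pass both checks, which matters if later code orders or de-duplicates chunks by it. I would word the added comment lines as `* The serial number has only been format-checked; it is not covered by the hash.` and correct the spelling of "basicly". The invalid-serial branch also hands the rejected serial to `rerequestChunkBySplitsArray()` inside `$chunkSplits`, so that method, which is not shown here, should rely on the hash at index 0 only, as the comment in the hash branch suggests.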