Address comments

erickt · erickt · commit a5ea2c9650da · 2020-10-23T19:26:02.000-07:00
* Fix a comment since TrackRepository only tracks metadata changes. * Error rather than panic if root version is 2^32 or above. * Add a fixme(theupdateframework#306) to add a limit on the number of root metadata fetch. Change-Id: I8adef8261108ee45630c407738372fb37e93c3b4
diff --git a/src/client.rs b/src/client.rs
@@ -478,6 +478,11 @@ where
             //     exact number is as yet unknown), then go to step 5.1.9. The value for Y is set
             //     by the authors of the application using TUF. For example, Y may be 2^10.
 
+            // FIXME(#306) We do not have an upper bound on the number of root metadata we'll
+            // fetch. This means that an attacker that's stolen the root keys could cause a client
+            // to fall into an infinite loop (but if an attacker has stolen the root keys, the
+            // client probably has worse problems to worry about).
+
             let next_version = MetadataVersion::Number(self.tuf.trusted_root().version() + 1);
             let res = self
                 .remote
diff --git a/src/repository/track_repo.rs b/src/repository/track_repo.rs
@@ -58,7 +58,7 @@ impl Track {
     }
 }
 
-/// Helper Repository wrapper that tracks all the fetches and stores for testing purposes.
+/// Helper Repository wrapper that tracks all the metadata fetches and stores for testing purposes.
 pub(crate) struct TrackRepository<R> {
     repo: R,
     tracks: Arc<Mutex<Vec<Track>>>,
diff --git a/src/tuf.rs b/src/tuf.rs
@@ -189,10 +189,9 @@ impl<D: DataInterchange> Tuf<D> {
             //     discard it, abort the update cycle, and report the rollback attack. On the next
             //     update cycle, begin at step 0 and version N of the root metadata file.
 
-            let next_root_version = trusted_root
-                .version()
-                .checked_add(1)
-                .expect("root version should be less than max u32");
+            let next_root_version = trusted_root.version().checked_add(1).ok_or_else(|| {
+                Error::VerificationFailure(format!("root version should be less than max u32"))
+            })?;
 
             if new_root.version() != next_root_version {
                 return Err(Error::VerificationFailure(format!(

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ impl Track {`
`58`	`58`	`}`
`59`	`59`	`}`
`60`	`60`
`61`		`-/// Helper Repository wrapper that tracks all the fetches and stores for testing purposes.`
	`61`	`+/// Helper Repository wrapper that tracks all the metadata fetches and stores for testing purposes.`
`62`	`62`	`pub(crate) struct TrackRepository<R> {`
`63`	`63`	`repo: R,`
`64`	`64`	`tracks: Arc<Mutex<Vec<Track>>>,`