From 1201f316347d2ea8b09aa89b0c5edaebfaa64c93 Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Thu, 16 Apr 2020 23:35:02 +0200
Subject: [PATCH] Checksum network encode requests and replies to protect
 against network corruption (#1381).

---
 src/lib/dcp_video.cc     | 22 +++++++++++++++-------
 src/lib/encode_server.cc |  7 +++++++
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/src/lib/dcp_video.cc b/src/lib/dcp_video.cc
index 9d7ccf565..5416f2ae7 100644
--- a/src/lib/dcp_video.cc
+++ b/src/lib/dcp_video.cc
@@ -165,23 +165,31 @@ DCPVideo::encode_remotely (EncodeServerDescription serv, int timeout)
 
 	LOG_DEBUG_ENCODE (N_("Sending frame %1 to remote"), _index);
 
-	/* Send XML metadata */
-	string xml = doc.write_to_string ("UTF-8");
-	socket->write (xml.length() + 1);
-	socket->write ((uint8_t *) xml.c_str(), xml.length() + 1);
+	{
+		Socket::WriteDigestScope ds (socket);
 
-	/* Send binary data */
-	LOG_TIMING("start-remote-send thread=%1", thread_id ());
-	_frame->write_to_socket (socket);
+		/* Send XML metadata */
+		string xml = doc.write_to_string ("UTF-8");
+		socket->write (xml.length() + 1);
+		socket->write ((uint8_t *) xml.c_str(), xml.length() + 1);
+
+		/* Send binary data */
+		LOG_TIMING("start-remote-send thread=%1", thread_id ());
+		_frame->write_to_socket (socket);
+	}
 
 	/* Read the response (JPEG2000-encoded data); this blocks until the data
 	   is ready and sent back.
 	*/
+	Socket::ReadDigestScope ds (socket);
 	LOG_TIMING("start-remote-encode thread=%1", thread_id ());
 	Data e (socket->read_uint32 ());
 	LOG_TIMING("start-remote-receive thread=%1", thread_id ());
 	socket->read (e.data().get(), e.size());
 	LOG_TIMING("finish-remote-receive thread=%1", thread_id ());
+	if (!ds.check()) {
+		throw NetworkError ("Checksums do not match");
+	}
 
 	LOG_DEBUG_ENCODE (N_("Finished remotely-encoded frame %1"), _index);
 
diff --git a/src/lib/encode_server.cc b/src/lib/encode_server.cc
index 5884df09a..8db3f867c 100644
--- a/src/lib/encode_server.cc
+++ b/src/lib/encode_server.cc
@@ -121,6 +121,8 @@ EncodeServer::~EncodeServer ()
 int
 EncodeServer::process (shared_ptr<Socket> socket, struct timeval& after_read, struct timeval& after_encode)
 {
+	Socket::ReadDigestScope ds (socket);
+
 	uint32_t length = socket->read_uint32 ();
 	scoped_array<char> buffer (new char[length]);
 	socket->read (reinterpret_cast<uint8_t*> (buffer.get()), length);
@@ -139,6 +141,10 @@ EncodeServer::process (shared_ptr<Socket> socket, struct timeval& after_read, st
 
 	shared_ptr<PlayerVideo> pvf (new PlayerVideo (xml, socket));
 
+	if (!ds.check()) {
+		throw NetworkError ("Checksums do not match");
+	}
+
 	DCPVideo dcp_video_frame (pvf, xml);
 
 	gettimeofday (&after_read, 0);
@@ -148,6 +154,7 @@ EncodeServer::process (shared_ptr<Socket> socket, struct timeval& after_read, st
 	gettimeofday (&after_encode, 0);
 
 	try {
+		Socket::WriteDigestScope ds (socket);
 		socket->write (encoded.size());
 		socket->write (encoded.data().get(), encoded.size());
 	} catch (std::exception& e) {
-- 
2.30.2