[wp-trac] [WordPress Trac] #54231: CURLOPT_BUFFERSIZE can corrupt downloaded file

WordPress Trac noreply at wordpress.org
Thu Oct 7 07:45:40 UTC 2021


#54231: CURLOPT_BUFFERSIZE can corrupt downloaded file
--------------------------+-----------------------------
 Reporter:  nextendweb    |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 One of our user has a website who tried to update our plugin through
 WordPress update system. Our update url points to our private server, so
 it is not wordpress.org related. We had tens of thousands updates for this
 very same file and this is the only site which had this issue, so I think
 it is not related how our server serves the file


 The error is md5_mismatch: The checksum of the file
 (4a3b968a44c585a2883e687d61c251fb) does not match the expected checksum
 value (231732259d67fe83ed6fc02d7ad9be57).

 I started to debug this issue, I had the original zip file and the
 corrupted one which WordPress downloaded. I diffed the files and at some
 point it seems like that different parts are mixed up. Like the wrong
 stream part got inserted at some point. And it happens all the time.
 [[Image(https://i.imgur.com/Nx0SKeK.png)]]

 {{{#!php
 <?php

 require_once __DIR__ . '/wp-load.php';
 require_once ABSPATH . 'wp-admin/includes/file.php';

 $url = "https://***********";


 $download_file = download_url( $url, 300, false );

 var_dump($download_file);
 }}}


 For this download Curl is used, so I head over to /wp-
 includes/Requests/Transport/cURL.php

 And when I removed CURLOPT_BUFFERSIZE or changed anything else
 (Requests::BUFFER_SIZE+1, Requests::BUFFER_SIZE-1), download_url function
 started to behave as it should and there was no md5 error anymore.
 {{{#!php
 <?php
 curl_setopt($this->handle, CURLOPT_BUFFERSIZE, Requests::BUFFER_SIZE);

 }}}



 **Site info:**
 WordPress  5.8.1
 PHP 7.4.24
 Curl 7.71.0
 LiteSpeed V7.9

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/54231>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list