[ostree] core: Add some more sanity checks to pull when parsing metadata

[Colin Walters <walters src gnome org>]

commit d8ea31e24eea4b3e2db720a7f3561d372eaf6fbb
Author: Colin Walters <walters verbum org>
Date:   Thu Dec 22 17:00:58 2011 -0500

    core: Add some more sanity checks to pull when parsing metadata

 src/ostree/ostree-pull.c |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)
---
diff --git a/src/ostree/ostree-pull.c b/src/ostree/ostree-pull.c
index 6431cb6..d1553c8 100644
--- a/src/ostree/ostree-pull.c
+++ b/src/ostree/ostree-pull.c
@@ -242,6 +242,11 @@ store_tree_recurse (OstreeRepo   *repo,
 
           g_variant_get_child (files_variant, i, "(&s&s)", &filename, &checksum);
 
+          if (!ot_util_filename_validate (filename, error))
+            goto out;
+          if (!ostree_validate_checksum_string (checksum, error))
+            goto out;
+
           g_clear_object (&meta_file);
 
           if (!fetch_object (repo, soup, base_uri, checksum,
@@ -290,6 +295,13 @@ store_tree_recurse (OstreeRepo   *repo,
           g_variant_get_child (dirs_variant, i, "(&s&s&s)",
                                &dirname, &tree_checksum, &meta_checksum);
 
+          if (!ot_util_filename_validate (dirname, error))
+            goto out;
+          if (!ostree_validate_checksum_string (tree_checksum, error))
+            goto out;
+          if (!ostree_validate_checksum_string (meta_checksum, error))
+            goto out;
+
           if (!store_object (repo, soup, base_uri, meta_checksum, OSTREE_OBJECT_TYPE_DIR_META, &did_exist, error))
             goto out;