[ostree] pull: Validate delta checksums more strongly

From: Colin Walters <walters src gnome org>
To: commits-list gnome org
Cc:
Subject: [ostree] pull: Validate delta checksums more strongly
Date: Tue, 2 Jun 2015 13:08:12 +0000 (UTC)

commit 9161e35d20b96c09167581543ca1bf1456477ce4
Author: Colin Walters <walters verbum org>
Date:   Mon Jun 1 16:56:19 2015 -0400

    pull: Validate delta checksums more strongly
    
    We need to check that it's 'ay'.  Also reuse the existing validation
    function to check it's 32 bytes rather than potentially crashing with
    assertion.
    
    Just noticed this during a code review.

 src/libostree/ostree-repo-pull.c |   30 ++++++++++++++++++++++++------
 1 files changed, 24 insertions(+), 6 deletions(-)
---
diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index c6d4c45..608a7b4 100644
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -1557,6 +1557,28 @@ process_one_static_delta (OtPullData   *pull_data,
   return ret;
 }
 
+static gboolean
+validate_variant_is_csum (GVariant       *csum,
+                          GError        **error)
+{
+  gboolean ret = FALSE;
+
+  if (!g_variant_is_of_type (csum, G_VARIANT_TYPE ("ay")))
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                   "Invalid checksum variant of type '%s', expected 'ay'",
+                   g_variant_get_type_string (csum));
+      goto out;
+    }
+
+  if (!ostree_validate_structureof_csum_v (csum, error))
+    goto out;
+  
+  ret = TRUE;
+ out:
+  return ret;
+}
+
 /* documented in ostree-repo.c */
 gboolean
 ostree_repo_pull (OstreeRepo               *self,
@@ -1962,7 +1984,6 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
           n = deltas ? g_variant_n_children (deltas) : 0;
           for (i = 0; i < n; i++)
             {
-              gsize size;
               const char *delta;
               GVariant *csum_v = NULL;
               guchar *csum_data = g_malloc (32);
@@ -1971,11 +1992,8 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
               g_variant_get_child (ref, 0, "&s", &delta);
               g_variant_get_child (ref, 1, "v", &csum_v);
 
-              size = g_variant_get_size (csum_v);
-
-              g_assert_cmpint (size, ==, 32);
-              if (size != 32)
-                continue;
+              if (!validate_variant_is_csum (csum_v, error))
+                goto out;
 
               memcpy (csum_data, ostree_checksum_bytes_peek (csum_v), 32);
               g_hash_table_insert (pull_data->summary_deltas_checksums,

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]