pull: Validate layer digest format
Otherwise a malformed or empty digest may cause a panic. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This commit is contained in:
parent
611eb6ffb3
commit
a7d4af84bd
2 changed files with 9 additions and 0 deletions
|
@ -524,6 +524,9 @@ func (p *puller) Snapshot(ctx context.Context, g session.Group) (cache.Immutable
|
|||
layers := make([]xfer.DownloadDescriptor, 0, len(mfst.Layers))
|
||||
|
||||
for i, desc := range mfst.Layers {
|
||||
if err := desc.Digest.Validate(); err != nil {
|
||||
return nil, errors.Wrap(err, "layer digest could not be validated")
|
||||
}
|
||||
ongoing.add(desc)
|
||||
layers = append(layers, &layerDescriptor{
|
||||
desc: desc,
|
||||
|
|
|
@ -528,6 +528,9 @@ func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Reference, unv
|
|||
// to top-most, so that the downloads slice gets ordered correctly.
|
||||
for i := len(verifiedManifest.FSLayers) - 1; i >= 0; i-- {
|
||||
blobSum := verifiedManifest.FSLayers[i].BlobSum
|
||||
if err = blobSum.Validate(); err != nil {
|
||||
return "", "", errors.Wrapf(err, "could not validate layer digest %q", blobSum)
|
||||
}
|
||||
|
||||
var throwAway struct {
|
||||
ThrowAway bool `json:"throwaway,omitempty"`
|
||||
|
@ -626,6 +629,9 @@ func (p *v2Puller) pullSchema2Layers(ctx context.Context, target distribution.De
|
|||
// Note that the order of this loop is in the direction of bottom-most
|
||||
// to top-most, so that the downloads slice gets ordered correctly.
|
||||
for _, d := range layers {
|
||||
if err := d.Digest.Validate(); err != nil {
|
||||
return "", errors.Wrapf(err, "could not validate layer digest %q", d.Digest)
|
||||
}
|
||||
layerDescriptor := &v2LayerDescriptor{
|
||||
digest: d.Digest,
|
||||
repo: p.repo,
|
||||
|
|
Loading…
Reference in a new issue