diff options
author | Brian Goff <cpuguy83@gmail.com> | 2020-10-12 18:08:28 +0000 |
---|---|---|
committer | Tibor Vass <tibor@docker.com> | 2021-01-28 21:43:36 +0000 |
commit | 420b1d36250f9cfdc561f086f25a213ecb669b6f (patch) | |
tree | e088e6d3fa79a5d101e1e42ffdb9fe36199e1d77 /distribution/pull_v2.go | |
parent | 5472f39022e99c14b2f055eac4d9619e3663ae20 (diff) | |
download | docker-420b1d36250f9cfdc561f086f25a213ecb669b6f.tar.gz |
pull: Validate layer digest formatv19.03.15jenkins-test-2
Otherwise a malformed or empty digest may cause a panic.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit a7d4af84bd2f189b921c3ec60796aa825e3a0f2a)
Signed-off-by: Tibor Vass <tibor@docker.com>
Diffstat (limited to 'distribution/pull_v2.go')
-rw-r--r-- | distribution/pull_v2.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go index 3307458fdf..cb47264b9a 100644 --- a/distribution/pull_v2.go +++ b/distribution/pull_v2.go @@ -477,6 +477,9 @@ func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Reference, unv // to top-most, so that the downloads slice gets ordered correctly. for i := len(verifiedManifest.FSLayers) - 1; i >= 0; i-- { blobSum := verifiedManifest.FSLayers[i].BlobSum + if err = blobSum.Validate(); err != nil { + return "", "", errors.Wrapf(err, "could not validate layer digest %q", blobSum) + } var throwAway struct { ThrowAway bool `json:"throwaway,omitempty"` @@ -575,6 +578,9 @@ func (p *v2Puller) pullSchema2Layers(ctx context.Context, target distribution.De // Note that the order of this loop is in the direction of bottom-most // to top-most, so that the downloads slice gets ordered correctly. for _, d := range layers { + if err := d.Digest.Validate(); err != nil { + return "", errors.Wrapf(err, "could not validate layer digest %q", d.Digest) + } layerDescriptor := &v2LayerDescriptor{ digest: d.Digest, repo: p.repo, |