From 4c238c350d4b910d40b92be8f6f7b226f79da0b8 Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Mon, 19 Jun 2017 15:58:08 +0100
Subject: [PATCH] lib/pull: Check whether summary is in normal form when loading it
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Check that it’s in normal form and has the correct type when loading it, since it could come from an untrusted source.
Signed-off-by: Philip Withnall
Closes: #961
Approved by: cgwalters
---
 src/libostree/ostree-repo-pull.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index cc8a51eb..0b7dae17 100644
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -3362,6 +3362,20 @@ ostree_repo_pull_with_options (OstreeRepo *self,
 pull_data->summary_data = g_bytes_ref (bytes_summary);
 pull_data->summary = g_variant_new_from_bytes (OSTREE_SUMMARY_GVARIANT_FORMAT, bytes_summary, FALSE);
+ if (!g_variant_is_normal_form (pull_data->summary))
+ {
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+ "Not normal form");
+ goto out;
+ }
+ if (!g_variant_is_of_type (pull_data->summary, OSTREE_SUMMARY_GVARIANT_FORMAT))
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+ "Doesn't match variant type '%s'",
+ (char *)OSTREE_SUMMARY_GVARIANT_FORMAT);
+ goto out;
+ }
+
 if (bytes_sig)
 pull_data->summary_data_sig = g_bytes_ref (bytes_sig);
 }
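Review bot: The second added check, `g_variant_is_of_type (pull_data->summary, OSTREE_SUMMARY_GVARIANT_FORMAT)`, looks like it can never fail, because the value was built two lines earlier by `g_variant_new_from_bytes` with that same type, and a GVariant reports the type it was constructed with rather than one derived from the bytes. The `g_variant_is_normal_form` test above it is what actually rejects malformed untrusted data, so a comment such as `/* type is fixed by construction; the normal-form check is the real validation of the untrusted bytes */` would stop readers from relying on the type test. The message `"Not normal form"` does not say what failed; `"Summary file is not in normal form"` together with `G_IO_ERROR_INVALID_DATA` would let callers and logs tell corrupt remote data apart from other pull failures. The body of ostree_repo_pull_with_options starts and ends outside this hunk, so whether the `out` path releases the already-assigned `pull_data->summary` and `pull_data->summary_data` cannot be confirmed from here.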