packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2520 from lucab/ups/builtin-commit-reject-empty-metadata 

lib/commit: reject empty metadata keys
This commit is contained in:
Colin Walters 2022-01-20 09:04:34 -05:00 committed by GitHub
parent a05b02fa9c da72c245f4
commit 51361f62af
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 32 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/libostree/ostree-core.c
View File

@ -2197,6 +2197,19 @@ ostree_validate_structureof_commit (GVariant *commit,
if (!validate_variant (commit, OSTREE_COMMIT_GVARIANT_FORMAT, error))
return FALSE;
g_autoptr(GVariant) metadata = NULL;
g_variant_get_child (commit, 0, "@a{sv}", &metadata);
g_assert (metadata != NULL);
g_autoptr(GVariantIter) metadata_iter = g_variant_iter_new (metadata);
g_assert (metadata_iter != NULL);
g_autoptr(GVariant) metadata_entry = NULL;
const gchar *metadata_key = NULL;
while (g_variant_iter_loop (metadata_iter, "{sv}", &metadata_key, NULL))
{
if (metadata_key == NULL || strlen (metadata_key) == 0)
return glnx_throw (error, "Empty metadata key");
}
g_autoptr(GVariant) parent_csum_v = NULL;
g_variant_get_child (commit, 1, "@ay", &parent_csum_v);
gsize n_elts;

4
src/libostree/ostree-repo-commit.c
View File

@ -2478,12 +2478,8 @@ ostree_repo_write_metadata (OstreeRepo *self,
normalized = g_variant_get_normal_form (object);
}
/* For untrusted objects, verify their structure here */
if (expected_checksum)
{
if (!_ostree_validate_structureof_metadata (objtype, object, error))
return FALSE;
}
g_autoptr(GBytes) vdata = g_variant_get_data_as_bytes (normalized);
if (!write_metadata_object (self, objtype, expected_checksum,

9
src/ostree/ot-builtin-commit.c
View File

@ -335,17 +335,18 @@ parse_keyvalue_strings (GVariantBuilder *builder,
if (!eq)
return glnx_throw (error, "Missing '=' in KEY=VALUE metadata '%s'", s);
g_autofree char *key = g_strndup (s, eq - s);
const char *value = eq + 1;
if (is_gvariant_print)
{
g_autoptr(GVariant) value = g_variant_parse (NULL, eq + 1, NULL, NULL, error);
if (!value)
g_autoptr(GVariant) variant = g_variant_parse (NULL, value, NULL, NULL, error);
if (!variant)
return glnx_prefix_error (error, "Parsing %s", s);
g_variant_builder_add (builder, "{sv}", key, value);
g_variant_builder_add (builder, "{sv}", key, variant);
}
else
g_variant_builder_add (builder, "{sv}", key,
g_variant_new_string (eq + 1));
g_variant_new_string (value));
}
return TRUE;

13
tests/test-basic-user-only.sh
View File

@ -23,7 +23,7 @@ set -euo pipefail
mode="bare-user-only"
setup_test_repository "$mode"
extra_basic_tests=6
extra_basic_tests=7
. $(dirname $0)/basic-test.sh
$CMD_PREFIX ostree --version > version.yaml
@ -54,6 +54,17 @@ fi
assert_file_has_content err.txt "Content object.*invalid mode.*with bits 040.*"
echo "ok failed to commit suid"
cd ${test_tmpdir}
rm repo-input -rf
ostree_repo_init repo-input init --mode=archive
rm files -rf && mkdir files
if $CMD_PREFIX ostree --repo=repo-input commit -b metadata --tree=dir=files --add-metadata-string='=FOO' 2>err.txt; then
assert_not_reached "committed an empty metadata key"
fi
assert_file_has_content err.txt "Empty metadata key"
$CMD_PREFIX ostree --repo=repo-input commit -b metadata --tree=dir=files --add-metadata-string='FOO='
echo "ok rejected invalid metadata"
cd ${test_tmpdir}
rm repo-input -rf
ostree_repo_init repo-input init --mode=archive