From d8ea31e24eea4b3e2db720a7f3561d372eaf6fbb Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Thu, 22 Dec 2011 17:00:58 -0500
Subject: [PATCH] core: Add some more sanity checks to pull when parsing
 metadata

---
 src/ostree/ostree-pull.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/ostree/ostree-pull.c b/src/ostree/ostree-pull.c
index 6431cb62..d1553c83 100644
--- a/src/ostree/ostree-pull.c
+++ b/src/ostree/ostree-pull.c
@@ -242,6 +242,11 @@ store_tree_recurse (OstreeRepo   *repo,
 
           g_variant_get_child (files_variant, i, "(&s&s)", &filename, &checksum);
 
+          if (!ot_util_filename_validate (filename, error))
+            goto out;
+          if (!ostree_validate_checksum_string (checksum, error))
+            goto out;
+
           g_clear_object (&meta_file);
 
           if (!fetch_object (repo, soup, base_uri, checksum,
@@ -290,6 +295,13 @@ store_tree_recurse (OstreeRepo   *repo,
           g_variant_get_child (dirs_variant, i, "(&s&s&s)",
                                &dirname, &tree_checksum, &meta_checksum);
 
+          if (!ot_util_filename_validate (dirname, error))
+            goto out;
+          if (!ostree_validate_checksum_string (tree_checksum, error))
+            goto out;
+          if (!ostree_validate_checksum_string (meta_checksum, error))
+            goto out;
+
           if (!store_object (repo, soup, base_uri, meta_checksum, OSTREE_OBJECT_TYPE_DIR_META, &did_exist, error))
             goto out;