packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ostree/tests
History
Colin Walters 47610b45c2 Limit metadata to 10 MiB 
If fetching GPG-signed commits over plain HTTP, a MitM attacker can
fill up the drive of targets by simply returning an enormous stream
for the commit object.

Related to this, an attacker can also cause OSTree to perform large
memory allocations by returning enormous GVariants in the metadata.

This helps close that attack by limiting all metadata objects to 10
MiB, so the initial fetch will be truncated.

But now the attack is only slightly more difficult as the attacker
will have to return a correctly formed commit object, then return a
large stream of < 10 MiB dirmeta/dirtree objects.

https://bugzilla.gnome.org/show_bug.cgi?id=725921
 		2014-05-27 14:15:27 -04:00
..
gpghome tests: Fix up GPG tests for more strict EL7 GPG 2014-02-10 09:40:35 -05:00
.gitignore Add support for pulling from remote archives 2011-10-31 20:28:47 -04:00
admin-test.sh Unify uboot and syslinux test cases 2014-01-15 09:48:04 -05:00
archive-test.sh tests: Pull from file:/// only works with archive-z right now 2013-07-02 11:24:07 -04:00
corrupt-repo-ref.js tests/pull-corruption: Ensure we corrupt an object to be pulled 2014-01-19 13:19:10 -05:00
libtest.sh upgrade: Refuse chronologically older commits unless --allow-downgrade 2014-02-20 18:25:56 -05:00
ostree-valgrind.supp core: Check out asynchronously 2012-06-21 18:05:13 -04:00
pull-test.sh pull: Add remotename:ref syntax 2014-01-21 08:57:34 +00:00
test-admin-deploy-2.sh pull: Verify commits with gpg signatures from detached metadata 2013-09-29 14:49:47 -04:00
test-admin-deploy-etcmerge-cornercases.sh Move xattr handling into libgsystem, fix sysroot to handle directory ownership/perms 2013-11-28 23:28:13 -05:00
test-admin-deploy-karg.sh deploy: Rework kernel arguments, add --karg-append to "admin deploy" 2014-01-16 15:07:55 -05:00
test-admin-deploy-switch.sh admin switch: Allow switching just remote names 2014-05-15 08:58:44 -04:00
test-admin-deploy-syslinux.sh Unify uboot and syslinux test cases 2014-01-15 09:48:04 -05:00
test-admin-deploy-uboot.sh Unify uboot and syslinux test cases 2014-01-15 09:48:04 -05:00
test-admin-upgrade-not-backwards.sh upgrade: Refuse chronologically older commits unless --allow-downgrade 2014-02-20 18:25:56 -05:00
test-archivez.sh pull: Verify commits with gpg signatures from detached metadata 2013-09-29 14:49:47 -04:00
test-basic.sh commit: Reject non-regular/non-symlinks earlier with better error message 2014-01-17 10:39:36 -05:00
test-commit-sign.sh pull: Verify commits with gpg signatures from detached metadata 2013-09-29 14:49:47 -04:00
test-core.js test-core.js: Add standard copyright header 2013-09-18 16:34:57 -04:00
test-corruption.sh main: Add --delete option to fsck 2013-07-18 12:09:44 -04:00
test-delta.sh Initial basic static delta code drop 2014-02-04 10:31:44 -05:00
test-gpg-signed-commit.sh tests: Fix up GPG tests for more strict EL7 GPG 2014-02-10 09:40:35 -05:00
test-libarchive.sh tests: Drop numeric prefix 2013-07-09 10:41:07 -04:00
test-pull-archive-z.sh tests: Drop numeric prefix 2013-07-09 10:41:07 -04:00
test-pull-corruption.sh Limit metadata to 10 MiB 2014-05-27 14:15:27 -04:00
test-pull-large-metadata.sh Limit metadata to 10 MiB 2014-05-27 14:15:27 -04:00
test-pull-resume.sh pull: Verify commits with gpg signatures from detached metadata 2013-09-29 14:49:47 -04:00
test-remote-add.sh ostree/remote-add: Add --no-gpg-verify option 2013-12-25 14:17:36 -05:00
test-rollsum.c core: Import bup's "rollsum" code, add a test case 2014-02-04 10:12:56 -05:00
test-setuid.sh core: Don't strip setuid bits when creating files 2013-07-18 14:23:55 -04:00
test-sizes.js core: Add size information to commit metadata 2013-10-19 11:56:51 -04:00
test-sysroot.js test-sysroot: Use GSystem to spawn subprocess 2014-03-19 09:15:38 -04:00
test-varint.c Initial basic static delta code drop 2014-02-04 10:31:44 -05:00
test-xattrs.sh test-xattrs: Skip if current FS doesn't support user_xattr 2013-08-14 20:46:46 +02:00