shaba/ostree
1
0
Fork 0
mirror of https://github.com/ostreedev/ostree.git synced 2025-03-13 00:58:43 +03:00
Code Issues Projects Releases Wiki Activity

core, switchroot: Harden a bit against g_variant_get_data() == NULL

Browse Source 
I'm not totally sure this is the cause of
https://bugzilla.redhat.com/show_bug.cgi?id=2217401
but analyzing the code a bit it seems the most likely.
This commit is contained in:
Colin Walters 2023-07-26 18:04:11 -04:00
parent d7d661218e
commit 0392b54602
4 changed files with 29 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libostree/ostree-core.c
View File

@ -2093,11 +2093,15 @@ _ostree_verify_metadata_object (OstreeObjectType objtype, const char *expected_c
{ {
g_assert (expected_checksum); g_assert (expected_checksum);
const guint8 *data = ot_variant_get_data (metadata, error);
if (!data)
return FALSE;
g_auto (OtChecksum) hasher = { g_auto (OtChecksum) hasher = {
0, 0,
}; };
ot_checksum_init (&hasher); ot_checksum_init (&hasher);
ot_checksum_update (&hasher, g_variant_get_data (metadata), g_variant_get_size (metadata)); ot_checksum_update (&hasher, data, g_variant_get_size (metadata));
char actual_checksum[OSTREE_SHA256_STRING_LEN + 1]; char actual_checksum[OSTREE_SHA256_STRING_LEN + 1];
ot_checksum_get_hexdigest (&hasher, actual_checksum, sizeof (actual_checksum)); ot_checksum_get_hexdigest (&hasher, actual_checksum, sizeof (actual_checksum));

18
src/libotutil/ot-variant-utils.c
View File

@ -146,3 +146,21 @@ ot_variant_bsearch_str (GVariant *array, const char *str, int *out_pos)
*out_pos = imid; *out_pos = imid;
return FALSE; return FALSE;
} }
/**
* ot_variant_get_data:
* @variant: A variant
* @error: An error
*
* `g_variant_get_data` says it can return `NULL`, which many callers are not prepared
* to handle. Return an error in this case.
*
**/
const guint8 *
ot_variant_get_data (GVariant *variant, GError **error)
{
const guint8 *data = g_variant_get_data (variant);
if (!data)
return glnx_null_throw (error, "Corrupted serialized variant");
return data;
}

2
src/libotutil/ot-variant-utils.h
View File

@ -38,4 +38,6 @@ GVariantBuilder *ot_util_variant_builder_from_variant (GVariant *variant, const
gboolean ot_variant_bsearch_str (GVariant *array, const char *str, int *out_pos); gboolean ot_variant_bsearch_str (GVariant *array, const char *str, int *out_pos);
const guint8 *ot_variant_get_data (GVariant *variant, GError **error);
G_END_DECLS G_END_DECLS

6
src/switchroot/ostree-prepare-root.c
View File

@ -464,10 +464,12 @@ main (int argc, char *argv[])
metadata, OSTREE_COMPOSEFS_DIGEST_KEY_V0, G_VARIANT_TYPE_BYTESTRING); metadata, OSTREE_COMPOSEFS_DIGEST_KEY_V0, G_VARIANT_TYPE_BYTESTRING);
if (cfs_digest_v == NULL || g_variant_get_size (cfs_digest_v) != OSTREE_SHA256_DIGEST_LEN) if (cfs_digest_v == NULL || g_variant_get_size (cfs_digest_v) != OSTREE_SHA256_DIGEST_LEN)
errx (EXIT_FAILURE, "Signature validation requested, but no valid digest in commit"); errx (EXIT_FAILURE, "Signature validation requested, but no valid digest in commit");
const guint8 *cfs_digest_buf = ot_variant_get_data (cfs_digest_v, &error);
if (!cfs_digest_buf)
errx (EXIT_FAILURE, "Failed to query digest: %s", error->message);
expected_digest_owned = g_malloc (OSTREE_SHA256_STRING_LEN + 1); expected_digest_owned = g_malloc (OSTREE_SHA256_STRING_LEN + 1);
ot_bin2hex (expected_digest_owned, g_variant_get_data (cfs_digest_v), ot_bin2hex (expected_digest_owned, cfs_digest_buf, g_variant_get_size (cfs_digest_v));
g_variant_get_size (cfs_digest_v));
expected_digest = expected_digest_owned; expected_digest = expected_digest_owned;
} }