author | Florian Klink <flokli@flokli.de> | 2023-10-11T11·09+0200 |
---|---|---|
committer | flokli <flokli@flokli.de> | 2023-10-11T15·29+0000 |
commit | e64e97ee23bdcc0529036bd4cb66eabfd97cb45d (patch) | |
tree | 0db9024a16e941f4473e0dd4cd0623a1e0645bcb | |
parent | 8ced43f3c79d61c91c88ad86b8f7b801b94d93f3 (diff) |
feat(tvix/store): validate nar_sha256 r/6786
Change-Id: I4c4dcdb75ea7748f2ab01a0bab218596b90b7b58 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9648 Reviewed-by: edef <edef@edef.eu> Tested-by: BuildkiteCI
-rw-r--r-- | tvix/store/src/proto/mod.rs | 15 | ||||
-rw-r--r-- | tvix/store/src/proto/tests/pathinfo.rs | 13 |
2 files changed, 26 insertions, 2 deletions
diff --git a/tvix/store/src/proto/mod.rs b/tvix/store/src/proto/mod.rs
index c1d9d0c46eb5..f95ea62f972e 100644
--- a/tvix/store/src/proto/mod.rs
+++ b/tvix/store/src/proto/mod.rs
@@ -42,6 +42,10 @@ pub enum ValidatePathInfoError {
 #[error("Invalid Digest length: expected {}, got {}", B3_LEN, .0)]
 InvalidNodeDigestLen(usize),
+ /// The digest in narinfo.nar_sha256 has an invalid len.
+ #[error("Invalid narinfo.nar_sha256 length: expected {}, got {}", 32, .0)]
+ InvalidNarSha256DigestLen(usize),
+
 /// The number of references in the narinfo.reference_names field does not match
 /// the number of references in the .references field.
 #[error("Inconsistent Number of References: {0} (references) vs {1} (narinfo)")]
@@ -90,9 +94,16 @@ impl PathInfo {
 }
 }
- // If there is a narinfo field populated, ensure the number of references there
- // matches PathInfo.references count.
+ // If there is a narinfo field populated…
 if let Some(narinfo) = &self.narinfo {
+ // ensure the nar_sha256 digest has the correct length.
+ if narinfo.nar_sha256.len() != 32 {
+ return Err(ValidatePathInfoError::InvalidNarSha256DigestLen(
+ narinfo.nar_sha256.len(),
+ ));
+ }
+
+ // ensure the number of references there matches PathInfo.references count.
 if narinfo.reference_names.len() != self.references.len() {
 return Err(ValidatePathInfoError::InconsistentNumberOfReferences(
 self.references.len(),
diff --git a/tvix/store/src/proto/tests/pathinfo.rs b/tvix/store/src/proto/tests/pathinfo.rs
index 43a94e0d46ae..cfecbac3b82e 100644
--- a/tvix/store/src/proto/tests/pathinfo.rs
+++ b/tvix/store/src/proto/tests/pathinfo.rs
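Review bot: The expected digest length is written as a bare `32` in the new `#[error(...)]` attribute of `InvalidNarSha256DigestLen`, and again in the `narinfo.nar_sha256.len() != 32` comparison in the second hunk of this file, so the message and the check can drift apart if one is edited. The neighbouring `InvalidNodeDigestLen` variant already formats a named constant (`B3_LEN`). I would introduce a matching constant for the SHA-256 length (the name `NAR_SHA256_LEN` is only a suggestion) and use it in both places, e.g. `#[error("Invalid narinfo.nar_sha256 length: expected {}, got {}", NAR_SHA256_LEN, .0)]`. The enum body continues outside the hunk.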
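Review bot: The new check in `validate()` establishes only that `nar_sha256` is 32 bytes long, not that it is the SHA-256 of the NAR the PathInfo describes, and nothing in the hunk tells a caller that. An `Ok` from `validate()` therefore says nothing about integrity, and any 32-byte value (all zeroes included) passes. I would state this next to the check, for example `// Structural check only: this does not verify that nar_sha256 matches the NAR contents.`, so that code accepting PathInfo from an untrusted peer does not treat validation as hash verification. The function starts before and continues past this hunk, so its doc comment may already cover this; I cannot see it from here.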
@@ -162,6 +162,19 @@ fn validate_references_with_narinfo_ok() {
 assert!(PATH_INFO_WITH_NARINFO.validate().is_ok());
 }
+/// Create a PathInfo with a wrong digest length in narinfo.nar_sha256, and
+/// ensure validation fails.
+#[test]
+fn validate_wrong_nar_sha256() {
+ let mut path_info = PATH_INFO_WITH_NARINFO.clone();
+ path_info.narinfo.as_mut().unwrap().nar_sha256 = vec![0xbe, 0xef].into();
+
+ match path_info.validate().expect_err("must_fail") {
+ ValidatePathInfoError::InvalidNarSha256DigestLen(2) => {}
+ e => panic!("unexpected error: {:?}", e),
+ };
+}
+
 /// Create a PathInfo with a wrong count of narinfo.reference_names,
 /// and ensure validation fails.
 #[test] |
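Review bot: `validate_wrong_nar_sha256` exercises only a too-short digest (two bytes), so an accidental change of the comparison from `!=` to `<` would still pass. I would add an over-long case, e.g. `nar_sha256 = vec![0u8; 33].into();` expecting `InvalidNarSha256DigestLen(33)`. An empty-field case expecting `InvalidNarSha256DigestLen(0)` is also worth adding, since an unset bytes field is presumably the most common malformed input. The existing `validate_references_with_narinfo_ok` test in the context lines already covers the accepting path.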