about summary refs log tree commit diff
path: root/tvix/store/protos
diff options
context:
space:
mode:
authorFlorian Klink <flokli@flokli.de>2023-10-11T11·08+0200
committerflokli <flokli@flokli.de>2023-10-11T15·29+0000
commit8ced43f3c79d61c91c88ad86b8f7b801b94d93f3 (patch)
treef94be36e433f392cd1a96d2de441c2800823ba67 /tvix/store/protos
parent6dab6081985dc0ccda0fcbcd45714ac122c229ef (diff)
feat(tvix/store/protos): validate NarSha256 r/6785
Change-Id: I016d1b020b04850f0dca68c2ea96643230dada10
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9649
Reviewed-by: Brian McGee <brian@bmcgee.ie>
Tested-by: BuildkiteCI
Diffstat (limited to 'tvix/store/protos')
-rw-r--r--tvix/store/protos/pathinfo.go6
-rw-r--r--tvix/store/protos/pathinfo_test.go12
2 files changed, 17 insertions, 1 deletions
diff --git a/tvix/store/protos/pathinfo.go b/tvix/store/protos/pathinfo.go
index 595a1b4fab72..2c718c6245d5 100644
--- a/tvix/store/protos/pathinfo.go
+++ b/tvix/store/protos/pathinfo.go
@@ -2,6 +2,7 @@ package storev1
 
 import (
 	"bytes"
+	"crypto/sha256"
 	"encoding/base64"
 	"fmt"
 
@@ -20,6 +21,11 @@ func (p *PathInfo) Validate() (*storepath.StorePath, error) {
 
 	// If there's a Narinfo field populated..
 	if narInfo := p.GetNarinfo(); narInfo != nil {
+		// ensure the NarSha256 digest has the correct length.
+		if len(narInfo.GetNarSha256()) != sha256.Size {
+			return nil, fmt.Errorf("invalid number of bytes for NarSha256: expected %d, got %d", sha256.Size, len(narInfo.GetNarSha256()))
+		}
+
 		// ensure the number of references matches len(References).
 		if len(narInfo.GetReferenceNames()) != len(p.GetReferences()) {
 			return nil, fmt.Errorf("inconsistent number of references: %d (references) vs %d (narinfo)", len(narInfo.GetReferenceNames()), len(p.GetReferences()))
diff --git a/tvix/store/protos/pathinfo_test.go b/tvix/store/protos/pathinfo_test.go
index adac30a97f88..74af50e5691f 100644
--- a/tvix/store/protos/pathinfo_test.go
+++ b/tvix/store/protos/pathinfo_test.go
@@ -34,7 +34,7 @@ func genPathInfoSymlink() *storev1pb.PathInfo {
 		References: [][]byte{exampleStorePathDigest},
 		Narinfo: &storev1pb.NARInfo{
 			NarSize:        0,
-			NarSha256:      []byte{},
+			NarSha256:      []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
 			Signatures:     []*storev1pb.NARInfo_Signature{},
 			ReferenceNames: []string{EXAMPLE_STORE_PATH},
 		},
@@ -61,6 +61,16 @@ func TestValidate(t *testing.T) {
 		assert.Equal(t, "00000000000000000000000000000000-dummy", storePath.String())
 	})
 
+	t.Run("invalid nar_sha256", func(t *testing.T) {
+		pi := genPathInfoSymlink()
+
+		// create broken references, where the reference digest is wrong
+		pi.Narinfo.NarSha256 = []byte{0xbe, 0xef}
+
+		_, err := pi.Validate()
+		assert.Error(t, err, "must not validate")
+	})
+
 	t.Run("invalid reference digest", func(t *testing.T) {
 		pi := genPathInfoSymlink()