From e64e97ee23bdcc0529036bd4cb66eabfd97cb45d Mon Sep 17 00:00:00 2001
From: Florian Klink
Date: Wed, 11 Oct 2023 13:09:07 +0200
Subject: feat(tvix/store): validate nar_sha256

Change-Id: I4c4dcdb75ea7748f2ab01a0bab218596b90b7b58
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9648
Reviewed-by: edef
Tested-by: BuildkiteCI
---
 tvix/store/src/proto/mod.rs | 15 +++++++++++++--
 tvix/store/src/proto/tests/pathinfo.rs | 13 +++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)
(limited to 'tvix/store/src/proto')
diff --git a/tvix/store/src/proto/mod.rs b/tvix/store/src/proto/mod.rs
index c1d9d0c46eb5..f95ea62f972e 100644
--- a/tvix/store/src/proto/mod.rs
+++ b/tvix/store/src/proto/mod.rs
@@ -42,6 +42,10 @@ pub enum ValidatePathInfoError {
 #[error("Invalid Digest length: expected {}, got {}", B3_LEN, .0)]
 InvalidNodeDigestLen(usize),
 
+ /// The digest in narinfo.nar_sha256 has an invalid len.
+ #[error("Invalid narinfo.nar_sha256 length: expected {}, got {}", 32, .0)]
+ InvalidNarSha256DigestLen(usize),
+
 /// The number of references in the narinfo.reference_names field does not match
 /// the number of references in the .references field.
 #[error("Inconsistent Number of References: {0} (references) vs {1} (narinfo)")]
@@ -90,9 +94,16 @@ impl PathInfo {
 }
 }
 
- // If there is a narinfo field populated, ensure the number of references there
- // matches PathInfo.references count.
+ // If there is a narinfo field populated…
 if let Some(narinfo) = &self.narinfo {
+ // ensure the nar_sha256 digest has the correct length.
+ if narinfo.nar_sha256.len() != 32 {
+ return Err(ValidatePathInfoError::InvalidNarSha256DigestLen(
+ narinfo.nar_sha256.len(),
+ ));
+ }
+
+ // ensure the number of references there matches PathInfo.references count.
 if narinfo.reference_names.len() != self.references.len() {
 return Err(ValidatePathInfoError::InconsistentNumberOfReferences(
 self.references.len(),
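Review bot: The expected length in the `#[error]` attribute of `InvalidNarSha256DigestLen` is the bare literal `32`, where the neighbouring `InvalidNodeDigestLen` message uses the named constant `B3_LEN`, and the same literal is repeated in the `narinfo.nar_sha256.len() != 32` check in the second hunk of this file. A single constant used in both places, for example `const SHA256_LEN: usize = 32;` (the name is only a suggestion), would keep the message and the check from drifting apart. The enum body starts and ends outside the hunk.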
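Review bot: The check added inside the `if let Some(narinfo)` block establishes only that `nar_sha256` is 32 bytes long; nothing in this hunk ties the digest value to any NAR contents, and a caller could read a successful validation as more than a shape check. I would say so in the comment, e.g. `// Length check only: the digest value is not compared against the NAR here.` Whether the value is verified elsewhere is not visible from the hunk, and the enclosing function starts and ends outside it.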
diff --git a/tvix/store/src/proto/tests/pathinfo.rs b/tvix/store/src/proto/tests/pathinfo.rs
index 43a94e0d46ae..cfecbac3b82e 100644
--- a/tvix/store/src/proto/tests/pathinfo.rs
+++ b/tvix/store/src/proto/tests/pathinfo.rs
@@ -162,6 +162,19 @@ fn validate_references_with_narinfo_ok() {
 assert!(PATH_INFO_WITH_NARINFO.validate().is_ok());
 }
 
+/// Create a PathInfo with a wrong digest length in narinfo.nar_sha256, and
+/// ensure validation fails.
+#[test]
+fn validate_wrong_nar_sha256() {
+ let mut path_info = PATH_INFO_WITH_NARINFO.clone();
+ path_info.narinfo.as_mut().unwrap().nar_sha256 = vec![0xbe, 0xef].into();
+
+ match path_info.validate().expect_err("must_fail") {
+ ValidatePathInfoError::InvalidNarSha256DigestLen(2) => {}
+ e => panic!("unexpected error: {:?}", e),
+ };
+}
+
 /// Create a PathInfo with a wrong count of narinfo.reference_names,
 /// and ensure validation fails.
 #[test]
-- cgit 1.4.1
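Review bot: `validate_wrong_nar_sha256` exercises only a too-short digest (2 bytes), so it would still pass if the check in `validate()` were later weakened from `!= 32` to `< 32`. A second case with an over-long value, `path_info.narinfo.as_mut().unwrap().nar_sha256 = vec![0u8; 33].into();` expecting `ValidatePathInfoError::InvalidNarSha256DigestLen(33)`, would pin both sides of the boundary. An empty digest is a further cheap case worth covering, since an unset bytes field would presumably arrive that way.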