Skip to content

Validate digest length on parsing #1231

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
stevvooe merged 1 commit into from
Dec 3, 2015
Merged

Validate digest length on parsing #1231

stevvooe merged 1 commit into from
Dec 3, 2015

Conversation

@tonistiigi
Copy link
Contributor

@tonistiigi tonistiigi commented Dec 3, 2015

@aaronlehmann @dmcgowan

The new error is mostly so that digest.Set doesn't need a special way to figure out if invalid digest had a algorithm prefix or not.

Signed-off-by: Tonis Tiigi tonistiigi@gmail.com

@tonistiigi
Validate digest length on parsing
f015982 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
@stevvooe
Copy link
Collaborator

stevvooe commented Dec 3, 2015

This assumes that digests have fixed size output. Do we want to force this on all future hash implementations? Are there any variable length hashes that we may want to support in the future?

I think the answer is yes, all digest implementations have a fixed size hash output.

@aaronlehmann
Copy link

aaronlehmann commented Dec 3, 2015

I think it's reasonable to assume a fixed hash size.

stevvooe
stevvooe reviewed Dec 3, 2015
View reviewed changes
digest/digester.go
Copy link
Collaborator

@stevvooe stevvooe Dec 3, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this break tarsum?

Copy link
Contributor Author

@tonistiigi tonistiigi Dec 3, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tarsum has its own parse method so isn't affected(not better or worse). I can try to fix tarsum as well if needed, of course.

@tonistiigi
Copy link
Contributor Author

tonistiigi commented Dec 3, 2015

@stevvooe If there is ever a case where fix length doesn't work, Size can be easily changed to a ValidateSize method with exceptions. But don't see need for that atm.

@stevvooe
Copy link
Collaborator

stevvooe commented Dec 3, 2015

@tonistiigi I think we're okay. SHA3, blake etc. all have fixed length output. As a matter of security, this is probably more than okay to enforce.

LGTM

@dmcgowan
Copy link
Collaborator

dmcgowan commented Dec 3, 2015

LGTM

stevvooe added a commit that referenced this pull request Dec 3, 2015
@stevvooe
Merge pull request #1231 from tonistiigi/digest-length-check
4cf9371 
Validate digest length on parsing
@stevvooe stevvooe merged commit 4cf9371 into distribution:master Dec 3, 2015
@tonistiigi tonistiigi mentioned this pull request Dec 3, 2015
Merged
wking added a commit to wking/go-digest that referenced this pull request Jun 9, 2017
@wking
algorithm: Deprecate ErrDigestInvalidLength
b297dcc 
This error was added in 9721254 (Validate digest length on parsing,
2015-12-02) and motivated with [1]:

> The new error is mostly so that digest.Set doesn't need a special
> way to figure out if invalid digest had a algorithm prefix or not.

That doesn't make sense to me, because Digest.Validate returns
ErrDigestUnsupported when there is no algorithm prefix (I've added a
test to confirm this as well), and that seems orthogonal to encoding
validation (which is the only place ErrDigestInvalidLength could
matter).  From the other changes in [1], I think the issue was just
that invalid lengths weren't raising errors at all.

I see no reason to distinguish between invalid lengths, invalid
characters, and other invalid-encoded-portion errors, so this commit
collapses the error into ErrDigestInvalidFormat.

[1]: distribution/distribution#1231

Signed-off-by: W. Trevor King <wking@tremily.us>
@wking wking mentioned this pull request Jun 9, 2017
Closed
wking added a commit to wking/go-digest that referenced this pull request Jun 9, 2017
@wking
algorithm: Deprecate ErrDigestInvalidLength
1167650 
This error was added in 9721254 (Validate digest length on parsing,
2015-12-02) and motivated with [1]:

> The new error is mostly so that digest.Set doesn't need a special
> way to figure out if invalid digest had a algorithm prefix or not.

That doesn't make sense to me, because Digest.Validate returns
ErrDigestUnsupported when there is no algorithm prefix (I've added a
test to confirm this as well), and that seems orthogonal to encoding
validation (which is the only place ErrDigestInvalidLength could
matter).  From the other changes in [1], I think the issue was just
that invalid lengths weren't raising errors at all.

I see no reason to distinguish between invalid lengths, invalid
characters, and other invalid-encoded-portion errors, so this commit
collapses the error into ErrDigestInvalidFormat.

The code I'm removing assumed hex (with '.Size() * 2'), so this commit
removes that assumption. The sha256 and other hex-based algorithms are
still getting their lengths validated via anchoredEncodedRegexps.

[1]: distribution/distribution#1231

Signed-off-by: W. Trevor King <wking@tremily.us>
thaJeztah pushed a commit to thaJeztah/distribution that referenced this pull request Apr 22, 2021
@stevvooe
Merge pull request distribution#1231 from tonistiigi/digest-length-check
c061a0b 
Validate digest length on parsing
thaJeztah pushed a commit to thaJeztah/distribution that referenced this pull request Jan 19, 2022
@stevvooe
Merge pull request distribution#1231 from tonistiigi/digest-length-check
fb89fd3 
Validate digest length on parsing
@thaJeztah thaJeztah mentioned this pull request Sep 8, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@tonistiigi @stevvooe @aaronlehmann @dmcgowan @GordonTheTurtle