Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Non-security digest.Digest use cleanups #2410

Merged
merged 7 commits into from
May 14, 2024
Merged

Non-security digest.Digest use cleanups #2410

merged 7 commits into from
May 14, 2024

Conversation

mtrmac
Copy link
Collaborator

@mtrmac mtrmac commented May 9, 2024

A set of cleanups around creating/validating digest.Digest values, in places where it should not be exploitable.

See individual commit messages for details.

A side effect of the code audit required by CVE-2024-3727 .

@rhatdan
Copy link
Member

rhatdan commented May 13, 2024

LGTM
@giuseppe @Luap99 @mheon @baude PTAL

mtrmac added 7 commits May 14, 2024 01:01
@mtrmac
Don't use the "decrypted digest" when decrypting layers
95cd137 
Should not actually change behavior, the value is never set.

Signed-off-by: Miloslav Trmač <[email protected]>
@mtrmac
Use digest.Parse() instead just a cast to digest.Digest
1f66d1a 
These cases should be safe because the data is either trusted
(ostree), or validated by an exact match later (signatures)

Signed-off-by: Miloslav Trmač <[email protected]>
@mtrmac
Validate a DiffID value before we record it in expectedLayerDiffIDFlag .
ef9464e 
Signed-off-by: Miloslav Trmač <[email protected]>
@mtrmac
Split blobCacheSource.layerInfoForCopy from LayerInfosForCopy
6040eef 
... so that we can simplify the error handling paths.

Signed-off-by: Miloslav Trmač <[email protected]>
@mtrmac
Use early exits in layerInfoForCopy
1a7789c 
Should not change behavior.

Signed-off-by: Miloslav Trmač <[email protected]>
@mtrmac
Don't use the same "alternate" variable for two different kinds of paths
b7ef16c 
Should not change behavior.

Signed-off-by: Miloslav Trmač <[email protected]>
@mtrmac
Avoid digest.Digest() conversions
496e3af 
Use the ordinary digest.Parse() instead of separate digest.Validate() and conversions.

Should not change behavior.

Signed-off-by: Miloslav Trmač <[email protected]>
@mtrmac mtrmac force-pushed the digest-nonsecurity branch from 1944cce to 496e3af Compare May 13, 2024 23:02
giuseppe
giuseppe approved these changes May 14, 2024
View reviewed changes
Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@giuseppe giuseppe merged commit 5710389 into containers:main May 14, 2024
10 checks passed
@mtrmac mtrmac deleted the digest-nonsecurity branch May 14, 2024 08:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@giuseppe giuseppe giuseppe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mtrmac @rhatdan @giuseppe