Before allowing a schema1 manifest to be stored in the registry, ensure that it

contains equal length History and FSLayer arrays. This is required to prevent malformed manifests being put to the registry and failing external verification checks. Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-11-03 11:03:17 -08:00 · 2015-11-03 11:03:17 -08:00 · 78b6d648fa
commit 78b6d648fa
parent 854fa0a4dd
3 changed files with 34 additions and 1 deletions
--- a/docs/storage/manifeststore.go
+++ b/docs/storage/manifeststore.go
@ -110,6 +110,11 @@ func (ms *manifestStore) verifyManifest(ctx context.Context, mnfst *schema1.Sign
 		errs = append(errs, fmt.Errorf("repository name does not match manifest name"))
 	}

+	if len(mnfst.History) != len(mnfst.FSLayers) {
+		errs = append(errs, fmt.Errorf("mismatched history and fslayer cardinality %d != %d",
+			len(mnfst.History), len(mnfst.FSLayers)))
+	}
+
 	if _, err := schema1.Verify(mnfst); err != nil {
 		switch err {
 		case libtrust.ErrMissingSignatureKey, libtrust.ErrInvalidJSONContent, libtrust.ErrMissingSignatureKey:
--- a/docs/storage/manifeststore_test.go
+++ b/docs/storage/manifeststore_test.go
@ -98,6 +98,10 @@ func TestManifestStorage(t *testing.T) {
 		m.FSLayers = append(m.FSLayers, schema1.FSLayer{
 			BlobSum: dgst,
 		})
+		m.History = append(m.History, schema1.History{
+			V1Compatibility: "",
+		})
+
 	}

 	pk, err := libtrust.GenerateECP256PrivateKey()