From ec5fa1f9d633b994c05564b3eec47eb3dcd2eeca Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Tue, 29 Nov 2016 17:22:07 -0800 Subject: [PATCH] schema1: Validate descriptors in AppendReference If the digest is malformed, it will cause a panic when building the manifest. Signed-off-by: Aaron Lehmann --- manifest/schema1/config_builder.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/manifest/schema1/config_builder.go b/manifest/schema1/config_builder.go index be012373..7e30eede 100644 --- a/manifest/schema1/config_builder.go +++ b/manifest/schema1/config_builder.go @@ -240,8 +240,13 @@ func (mb *configManifestBuilder) emptyTar(ctx context.Context) (digest.Digest, e // AppendReference adds a reference to the current ManifestBuilder func (mb *configManifestBuilder) AppendReference(d distribution.Describable) error { - // todo: verification here? - mb.descriptors = append(mb.descriptors, d.Descriptor()) + descriptor := d.Descriptor() + + if err := descriptor.Digest.Validate(); err != nil { + return err + } + + mb.descriptors = append(mb.descriptors, descriptor) return nil }