From 1f5f9bad398e374eaf4fffffa5da2c96d7d4e06a Mon Sep 17 00:00:00 2001
From: Tonis Tiigi <tonistiigi@gmail.com>
Date: Wed, 2 Dec 2015 15:57:47 -0800
Subject: [PATCH] Validate digest length on parsing

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
---
 docs/storage/cache/cachecheck/suite.go | 10 ++++----
 docs/storage/manifeststore_test.go     |  8 +++---
 docs/storage/paths_test.go             | 34 +++++++++++++-------------
 3 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/docs/storage/cache/cachecheck/suite.go b/docs/storage/cache/cachecheck/suite.go
index ed0f95fd..42390953 100644
--- a/docs/storage/cache/cachecheck/suite.go
+++ b/docs/storage/cache/cachecheck/suite.go
@@ -20,7 +20,7 @@ func CheckBlobDescriptorCache(t *testing.T, provider cache.BlobDescriptorCachePr
 }
 
 func checkBlobDescriptorCacheEmptyRepository(t *testing.T, ctx context.Context, provider cache.BlobDescriptorCacheProvider) {
-	if _, err := provider.Stat(ctx, "sha384:abc"); err != distribution.ErrBlobUnknown {
+	if _, err := provider.Stat(ctx, "sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"); err != distribution.ErrBlobUnknown {
 		t.Fatalf("expected unknown blob error with empty store: %v", err)
 	}
 
@@ -41,7 +41,7 @@ func checkBlobDescriptorCacheEmptyRepository(t *testing.T, ctx context.Context,
 		t.Fatalf("expected error with invalid digest: %v", err)
 	}
 
-	if err := cache.SetDescriptor(ctx, "sha384:abc", distribution.Descriptor{
+	if err := cache.SetDescriptor(ctx, "sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", distribution.Descriptor{
 		Digest:    "",
 		Size:      10,
 		MediaType: "application/octet-stream"}); err == nil {
@@ -52,15 +52,15 @@ func checkBlobDescriptorCacheEmptyRepository(t *testing.T, ctx context.Context,
 		t.Fatalf("expected error checking for cache item with empty digest: %v", err)
 	}
 
-	if _, err := cache.Stat(ctx, "sha384:abc"); err != distribution.ErrBlobUnknown {
+	if _, err := cache.Stat(ctx, "sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"); err != distribution.ErrBlobUnknown {
 		t.Fatalf("expected unknown blob error with empty repo: %v", err)
 	}
 }
 
 func checkBlobDescriptorCacheSetAndRead(t *testing.T, ctx context.Context, provider cache.BlobDescriptorCacheProvider) {
-	localDigest := digest.Digest("sha384:abc")
+	localDigest := digest.Digest("sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111")
 	expected := distribution.Descriptor{
-		Digest:    "sha256:abc",
+		Digest:    "sha256:abc1111111111111111111111111111111111111111111111111111111111111",
 		Size:      10,
 		MediaType: "application/octet-stream"}
 
diff --git a/docs/storage/manifeststore_test.go b/docs/storage/manifeststore_test.go
index 51370e17..928ce219 100644
--- a/docs/storage/manifeststore_test.go
+++ b/docs/storage/manifeststore_test.go
@@ -385,15 +385,15 @@ func TestLinkPathFuncs(t *testing.T) {
 	}{
 		{
 			repo:       "foo/bar",
-			digest:     "sha256:deadbeaf",
+			digest:     "sha256:deadbeaf98fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
 			linkPathFn: blobLinkPath,
-			expected:   "/docker/registry/v2/repositories/foo/bar/_layers/sha256/deadbeaf/link",
+			expected:   "/docker/registry/v2/repositories/foo/bar/_layers/sha256/deadbeaf98fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/link",
 		},
 		{
 			repo:       "foo/bar",
-			digest:     "sha256:deadbeaf",
+			digest:     "sha256:deadbeaf98fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
 			linkPathFn: manifestRevisionLinkPath,
-			expected:   "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/deadbeaf/link",
+			expected:   "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/deadbeaf98fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/link",
 		},
 	} {
 		p, err := testcase.linkPathFn(testcase.repo, testcase.digest)
diff --git a/docs/storage/paths_test.go b/docs/storage/paths_test.go
index 9e91a3fa..238e2f37 100644
--- a/docs/storage/paths_test.go
+++ b/docs/storage/paths_test.go
@@ -15,31 +15,31 @@ func TestPathMapper(t *testing.T) {
 		{
 			spec: manifestRevisionPathSpec{
 				name:     "foo/bar",
-				revision: "sha256:abcdef0123456789",
+				revision: "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
 			},
-			expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789",
+			expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
 		},
 		{
 			spec: manifestRevisionLinkPathSpec{
 				name:     "foo/bar",
-				revision: "sha256:abcdef0123456789",
+				revision: "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
 			},
-			expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789/link",
+			expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/link",
 		},
 		{
 			spec: manifestSignatureLinkPathSpec{
 				name:      "foo/bar",
-				revision:  "sha256:abcdef0123456789",
-				signature: "sha256:abcdef0123456789",
+				revision:  "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
+				signature: "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
 			},
-			expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789/signatures/sha256/abcdef0123456789/link",
+			expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/signatures/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/link",
 		},
 		{
 			spec: manifestSignaturesPathSpec{
 				name:     "foo/bar",
-				revision: "sha256:abcdef0123456789",
+				revision: "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
 			},
-			expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789/signatures",
+			expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/signatures",
 		},
 		{
 			spec: manifestTagsPathSpec{
@@ -72,17 +72,17 @@ func TestPathMapper(t *testing.T) {
 			spec: manifestTagIndexEntryPathSpec{
 				name:     "foo/bar",
 				tag:      "thetag",
-				revision: "sha256:abcdef0123456789",
+				revision: "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
 			},
-			expected: "/docker/registry/v2/repositories/foo/bar/_manifests/tags/thetag/index/sha256/abcdef0123456789",
+			expected: "/docker/registry/v2/repositories/foo/bar/_manifests/tags/thetag/index/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
 		},
 		{
 			spec: manifestTagIndexEntryLinkPathSpec{
 				name:     "foo/bar",
 				tag:      "thetag",
-				revision: "sha256:abcdef0123456789",
+				revision: "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
 			},
-			expected: "/docker/registry/v2/repositories/foo/bar/_manifests/tags/thetag/index/sha256/abcdef0123456789/link",
+			expected: "/docker/registry/v2/repositories/foo/bar/_manifests/tags/thetag/index/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/link",
 		},
 		{
 			spec: layerLinkPathSpec{
@@ -93,15 +93,15 @@ func TestPathMapper(t *testing.T) {
 		},
 		{
 			spec: blobDataPathSpec{
-				digest: digest.Digest("tarsum.dev+sha512:abcdefabcdefabcdef908909909"),
+				digest: digest.Digest("tarsum.dev+sha512:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"),
 			},
-			expected: "/docker/registry/v2/blobs/tarsum/dev/sha512/ab/abcdefabcdefabcdef908909909/data",
+			expected: "/docker/registry/v2/blobs/tarsum/dev/sha512/ab/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/data",
 		},
 		{
 			spec: blobDataPathSpec{
-				digest: digest.Digest("tarsum.v1+sha256:abcdefabcdefabcdef908909909"),
+				digest: digest.Digest("tarsum.v1+sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"),
 			},
-			expected: "/docker/registry/v2/blobs/tarsum/v1/sha256/ab/abcdefabcdefabcdef908909909/data",
+			expected: "/docker/registry/v2/blobs/tarsum/v1/sha256/ab/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/data",
 		},
 
 		{