Browse code
Make V2 code more defensive against malformed content
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Derek McGowan authored on 2014/10/04 08:16:03Showing 1 changed files
| ... | ... |
@@ -39,6 +39,9 @@ func (s *TagStore) verifyManifest(eng *engine.Engine, manifestBytes []byte) (*re |
| 39 | 39 |
if err := json.Unmarshal(payload, &manifest); err != nil {
|
| 40 | 40 |
return nil, false, fmt.Errorf("error unmarshalling manifest: %s", err)
|
| 41 | 41 |
} |
| 42 |
+ if manifest.SchemaVersion != 1 {
|
|
| 43 |
+ return nil, false, fmt.Errorf("unsupported schema version: %d", manifest.SchemaVersion)
|
|
| 44 |
+ } |
|
| 42 | 45 |
|
| 43 | 46 |
var verified bool |
| 44 | 47 |
for _, key := range keys {
|
| ... | ... |
@@ -454,6 +457,10 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri |
| 454 | 454 |
} |
| 455 | 455 |
out.Write(sf.FormatStatus(tag, "Pulling from %s", localName)) |
| 456 | 456 |
|
| 457 |
+ if len(manifest.BlobSums) == 0 {
|
|
| 458 |
+ return fmt.Errorf("no blobSums in manifest")
|
|
| 459 |
+ } |
|
| 460 |
+ |
|
| 457 | 461 |
downloads := make([]downloadInfo, len(manifest.BlobSums)) |
| 458 | 462 |
|
| 459 | 463 |
for i := len(manifest.BlobSums) - 1; i >= 0; i-- {
|
| ... | ... |
@@ -493,6 +500,7 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri |
| 493 | 493 |
log.Debugf("Image (id: %s) pull is already running, skipping: %v", img.ID, err)
|
| 494 | 494 |
} |
| 495 | 495 |
} else {
|
| 496 |
+ defer s.poolRemove("pull", "img:"+img.ID)
|
|
| 496 | 497 |
tmpFile, err := ioutil.TempFile("", "GetV2ImageBlob")
|
| 497 | 498 |
if err != nil {
|
| 498 | 499 |
return err |
| ... | ... |
@@ -513,7 +521,6 @@ func (s *TagStore) pullV2Tag(eng *engine.Engine, r *registry.Session, out io.Wri |
| 513 | 513 |
di.downloaded = true |
| 514 | 514 |
} |
| 515 | 515 |
di.imgJSON = imgJSON |
| 516 |
- defer s.poolRemove("pull", "img:"+img.ID)
|
|
| 517 | 516 |
|
| 518 | 517 |
return nil |
| 519 | 518 |
} |