[systemd-devel] [PATCH 1/5] shared/import-util: tag renamed to reference to support v2 pull by digest
Lennart Poettering
lennart at poettering.net
Fri May 15 06:56:27 PDT 2015
On Fri, 15.05.15 15:32, Pavel Odvody (podvody at redhat.com) wrote:
> > > + else if (!startswith(ref, "sha256"))
> > > + return false;
> > > +
> > > + else if (!in_charset(colon + 1, "0123456789abcdef"))
> > > + return false;
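Review bot: the `startswith(ref, "sha256")` test is only a prefix match, and the `in_charset(colon + 1, "0123456789abcdef")` test only constrains the characters after the colon, so whatever sits between "sha256" and the ":" is unchecked, and an empty or arbitrarily long hex run is accepted. Suggest matching the complete "sha256:" prefix, colon included, and requiring exactly 64 hex characters after it, which is the length of a hex-encoded SHA-256 digest.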
> >
> >
> > Hmm, how precisely do these refs look, can you provide some examples?
> >
> > Right now you do not validate anything between "sha256" and the first
> > ":", that's not intended, is it?
> >
> > Lennart
> >
>
> You're right, there's a blind spot, the digest reference looks like
> this:
>
> sha256:7266a84a67d01165f222eac5785fed00791eb3aec0fd8a18086b76310280d9da
>
> Thanks for catching this.
Does the part after the colon have a variable length? Or isn't it
fixed length for the "sha256:" prefix? If it's fixed size it should
probably be verified, too.
If it's variable size, does it have a minimum and maximum size?
Presumably, right? I figure it definitely can't have zero length,
right?
Lennart
--
Lennart Poettering, Red Hat
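
A strict form of the check discussed in this thread, as an added example that is not part of the original mail or of systemd's code. It assumes the digest is always the full lowercase hex encoding of a SHA-256 hash (64 characters); `digest_ref_is_valid` and `SHA256_HEX_LEN` are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Assumption: a 32-byte SHA-256 digest, two hex characters per byte. */
#define SHA256_HEX_LEN 64

/* Hypothetical helper, not systemd's: accept exactly "sha256:" followed by
 * 64 lowercase hex characters and nothing else. */
bool digest_ref_is_valid(const char *ref) {
        static const char prefix[] = "sha256:";
        const size_t prefix_len = sizeof(prefix) - 1;
        const char *hex;

        if (!ref)
                return false;

        /* Match the prefix including the colon, so "sha256x:..." is rejected
         * instead of being skipped over up to the first ':'. */
        if (strncmp(ref, prefix, prefix_len) != 0)
                return false;

        hex = ref + prefix_len;

        /* Fixed length: rejects the empty digest as well as truncated or
         * over-long ones. */
        if (strlen(hex) != SHA256_HEX_LEN)
                return false;

        /* strspn() counts leading characters drawn from the set; every one
         * of the 64 must be a lowercase hex digit. */
        return strspn(hex, "0123456789abcdef") == SHA256_HEX_LEN;
}
```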