On Fri, 2015-05-15 at 15:56 +0200, Lennart Poettering wrote:
> On Fri, 15.05.15 15:32, Pavel Odvody (podv...@redhat.com) wrote:
> 
> > > > + else if (!startswith(ref, "sha256"))
> > > > + return false;
> > > > + 
> > > > + else if (!in_charset(colon + 1, "0123456789abcdef"))
> > > > + return false;
> > > 
> > > Hmm, how precisely do these refs look, can you provide some examples?
> > > 
> > > Right now you do not validate anything between "sha256" and the first
> > > ":", that's not intended, is it?
> > > 
> > > Lennart
> > > 
> > 
> > You're right, there's a blind spot, the digest reference looks like
> > this:
> > 
> > sha256:7266a84a67d01165f222eac5785fed00791eb3aec0fd8a18086b76310280d9da
> > 
> > Thanks for catching this.
> 
> Does the part after the colon have a variable length? Or isn't it
> fixed length for the "sha256:" prefix? If it's fixed size it should
> probably be verified, too.
> 
> If it's variable size, does it have a minimum and maximum size?
> Presumably, right? I figure it definitely can't have zero length,
> right?
> 
> Lennart
> 
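Review bot: in the quoted hunk, `startswith(ref, "sha256")` only matches the first six characters, so whatever sits between that prefix and the first ":" is never inspected, and `in_charset(colon + 1, "0123456789abcdef")` is satisfied by an empty string or a hex string of any length. Suggest checking that the colon immediately follows the algorithm name (the prefix length equals `colon - ref`) and that `strlen(colon + 1)` equals the fixed hex length for that algorithm (64 for sha256), so an empty, truncated or over-long digest is rejected rather than passed on to produce a 404 later.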
Yes, sha256 - 256bits / 8 = 64bytes (can easily extrapolate other SHAs)
Zero-length/invalid value would be an error resulting in 404. But I
wonder whether we want to do that level of validation as the check is
mostly sanity.

Something like this?

typedef struct HashInfo {
        const char *name;    /* algorithm name, the part before the colon */
        size_t length;       /* expected length of the hex digest */
} HashInfo;

static HashInfo hashes[] = {
        {"sha256", 64},
        {"sha384", 96},
        {"sha512", 128},
        ...
};

What do you think?

-- 
Pavel Odvody <podv...@redhat.com>
Software Engineer - EMEA ENG Developer Experience
5EC1 95C1 8E08 5BD9 9BBF 9241 3AFA 3A66 024F F68D
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno
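The validation the thread converges on, written out as a self-contained C example. This is an added illustration, not the systemd patch's code: the function name `digest_ref_valid` and the helper `is_hex_of_length` are my own, and the table of names and hex lengths follows the sketch in the reply above. It closes both gaps discussed in the thread: the algorithm name must end exactly at the colon, and the hex part must have the exact length for that algorithm, so empty, truncated, over-long, uppercase or unknown-algorithm references are all rejected.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Added example, not code from the patch under review: each supported
 * digest name and the exact number of hex characters its encoding has
 * (sha256 -> 64, sha384 -> 96, sha512 -> 128). */
typedef struct HashInfo {
        const char *name;   /* algorithm name, the part before the colon */
        size_t length;      /* required length of the hex digest in characters */
} HashInfo;

static const HashInfo hashes[] = {
        { "sha256", 64 },
        { "sha384", 96 },
        { "sha512", 128 },
};

/* True when s is made only of lowercase hex digits and is exactly
 * `expected` characters long. Stops early on an over-long input. */
static bool is_hex_of_length(const char *s, size_t expected) {
        size_t n = 0;

        for (; s[n] != '\0'; n++) {
                char c = s[n];
                bool hex = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f');

                if (!hex)
                        return false;
                if (n >= expected)
                        return false;   /* longer than the digest can be */
        }

        return n == expected;
}

/* Validates a reference of the form "<algorithm>:<hex digest>".
 * Unlike a bare prefix check, the algorithm name has to match the whole
 * span before the colon, so "sha256foo:..." is rejected, and the digest
 * has to be exactly as long as that algorithm requires. */
bool digest_ref_valid(const char *ref) {
        const char *colon;
        size_t name_len;

        if (!ref)
                return false;

        colon = strchr(ref, ':');
        if (!colon)
                return false;

        name_len = (size_t) (colon - ref);

        for (size_t i = 0; i < sizeof(hashes) / sizeof(hashes[0]); i++) {
                const HashInfo *h = &hashes[i];

                /* the name must cover everything up to the colon, no more, no less */
                if (strlen(h->name) != name_len || strncmp(ref, h->name, name_len) != 0)
                        continue;

                return is_hex_of_length(colon + 1, h->length);
        }

        return false;   /* unknown algorithm */
}
```

Usage: `digest_ref_valid("sha256:7266a84a67d01165f222eac5785fed00791eb3aec0fd8a18086b76310280d9da")` returns true, while `"sha256:"`, `"sha256junk:<64 hex>"`, a 63-character digest or an uppercase digest all return false. Matching the name against the full span before the colon, rather than with a prefix check, is what removes the blind spot raised in the thread.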
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel