Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate digests of data downloaded while fetching sigstore attachments #2689

Merged
merged 1 commit into from
Jan 21, 2025
Merged

Validate digests of data downloaded while fetching sigstore attachments #2689

merged 1 commit into from
Jan 21, 2025

Conversation

mtrmac
Copy link
Collaborator

@mtrmac mtrmac commented Jan 21, 2025

This is not a security vulnerability because the registry can just as well send a manifest modified to match, but doing this correctly protects us in case this function were used for other purposes in the future.

Fixes #2687.

@mtrmac
Validate digests of data downloaded while fetching sigstore attachments
ccd291e 
This is not a security vulnerability because the registry can just as well
send a manifest modified to match, but doing this correctly protects us
in case this function were used for other purposes in the future.

Fixes containers#2687.

Signed-off-by: Miloslav Trmač <[email protected]>
cgwalters
cgwalters approved these changes Jan 21, 2025
View reviewed changes
docker/docker_client.go
if !digestAlgorithm.Available() {
return nil, fmt.Errorf("invalid digest %q: unsupported digest algorithm %q", desc.Digest.String(), digestAlgorithm.String())
}

reader, _, err := c.getBlob(ctx, ref, manifest.BlobInfoFromOCI1Descriptor(desc), cache)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks fine, but I think it'd be even clearer to merge getBlob and this function. Or at a minimum, rename getBlob to getRawBlobNoChecksumVerification or something...

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

getBlob is primarily used by the public dockerImageSource.GetBlob, which must support streaming very large objects, and inherits both its interface and its (non-digesting) semantics.

And GetBlob is (sadly?) a public stable API. Having it automatically digest the contents would be interesting in the abstract, but all existing callers would should already be digesting it themselves, and doing that twice is rather costly, so I don’t think it makes sense to change the behavior of the existing function.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK sorry, I thought it was only called here.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

… another point, we don’t want every single transport to implement the digest validation itself; centralizing that in c/image/copy makes it easier to prove that the validation is always happening.

But at least the naming point is very apt; if we were ever redesigning the ImageSource API (it should be an object with methods, not an interface), GetBlob should be definitely renamed to something that emphasizes the caller needs to validate the contents — or maybe this should be centralized into the ImageSource-replacing wrapper object.

@cgwalters cgwalters merged commit a45ebe0 into containers:main Jan 21, 2025
10 checks passed
@mtrmac mtrmac deleted the validate-sigstore-digests branch January 21, 2025 23:18
@mtrmac mtrmac added the kind/bug A defect in an existing functionality (or a PR fixing it) label Jan 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cgwalters cgwalters cgwalters approved these changes

Assignees
No one assigned
Labels
kind/bug A defect in an existing functionality (or a PR fixing it)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

dockerClient.getOCIDescriptorContents does not validate the contents against the digest
2 participants
@mtrmac @cgwalters