Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: containers/image
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v5.30.0
Choose a base ref
...
head repository: containers/image
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v5.30.1
Choose a head ref
  • 8 commits
  • 26 files changed
  • 1 contributor

Commits on May 9, 2024

  1. Validate digests before using them 

    If doing it makes sense at all, it should happen before
the values are used.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed May 9, 2024
    Configuration menu
    Copy the full SHA
    2bcb834 View commit details
    Browse the repository at this point in the history

  2. Call .Validate() before digest.Hex() / digest.Encoded() 

    ... to prevent panics if the value does not contain a :, or other unexpected
values (e.g. a path traversal).

Don't bother on paths where we computed the digest ourselves, or it is already trusted
for other reasons.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed May 9, 2024
    Configuration menu
    Copy the full SHA
    39e7c91 View commit details
    Browse the repository at this point in the history

  3. Refactor the error handling path of saveStream 

    Use defer() to remove the temporary file, instead
of duplicating the call.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed May 9, 2024
    Configuration menu
    Copy the full SHA
    a802d65 View commit details
    Browse the repository at this point in the history

  4. Refactor the error handling further 

    Use defer, a nested function, and early returns.

Besides being a bit more directly related to what
we want to achieve, this now does not call decompressed.Close()
on a nil value if DecompressStream fails.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed May 9, 2024
    Configuration menu
    Copy the full SHA
    4a3785d View commit details
    Browse the repository at this point in the history

  5. Call .Validate() before digest.Digest.String() if necessary 

    ... to prevent unexpected behavior on invalid values.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed May 9, 2024
    Configuration menu
    Copy the full SHA
    a9225e4 View commit details
    Browse the repository at this point in the history

  6. Validate the tags returned by a registry 

    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed May 9, 2024
    Configuration menu
    Copy the full SHA
    b724ee7 View commit details
    Browse the repository at this point in the history

  7. Merge pull request #2404 from mtrmac/digest-unmarshal-5.30 

    [release-5.30] Fix CVE-2024-3727
    @mtrmac
    mtrmac authored May 9, 2024
    Configuration menu
    Copy the full SHA
    132678b View commit details
    Browse the repository at this point in the history

  8. Release 5.30.1 

    This fixes CVE-2024-3727 .

Digest values used throughout this library were not always validated.
That allowed attackers to trigger, when pulling untrusted images,
unexpected authenticated registry accesses on behalf of a victim user.

In less common uses of this library (using other transports or not using
the containers/image/v5/copy.Image API), an attacker could also trigger
local path traversals or crashes.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed May 9, 2024
    Configuration menu
    Copy the full SHA
    56e750a View commit details
    Browse the repository at this point in the history
Loading