pull: Validate layer digest format

Otherwise a malformed or empty digest may cause a panic. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
author: Brian Goff <cpuguy83@gmail.com> 2020-10-12 18:08:28 +0000
committer: Tibor Vass <tibor@docker.com> 2021-01-28 21:33:12 +0000
commit: a7d4af84bd2f189b921c3ec60796aa825e3a0f2a (patch)
tree: a20750a9eb9eae526272b262fc0dd6ee8a4790ec /builder
parent: 611eb6ffb32aa37876b4b47cec12e4fd47610838 (diff)
download: docker-a7d4af84bd2f189b921c3ec60796aa825e3a0f2a.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/builder/builder-next/adapters/containerimage/pull.go b/builder/builder-next/adapters/containerimage/pull.go
index 733a337e87..e731e3e143 100644
--- a/builder/builder-next/adapters/containerimage/pull.go
+++ b/builder/builder-next/adapters/containerimage/pull.go
@@ -524,6 +524,9 @@ func (p *puller) Snapshot(ctx context.Context, g session.Group) (cache.Immutable
 	layers := make([]xfer.DownloadDescriptor, 0, len(mfst.Layers))
 
 	for i, desc := range mfst.Layers {
+		if err := desc.Digest.Validate(); err != nil {
+			return nil, errors.Wrap(err, "layer digest could not be validated")
+		}
 		ongoing.add(desc)
 		layers = append(layers, &layerDescriptor{
 			desc:    desc,
author	Brian Goff <cpuguy83@gmail.com>	2020-10-12 18:08:28 +0000
committer	Tibor Vass <tibor@docker.com>	2021-01-28 21:33:12 +0000
commit	a7d4af84bd2f189b921c3ec60796aa825e3a0f2a (patch)
tree	a20750a9eb9eae526272b262fc0dd6ee8a4790ec /builder
parent	611eb6ffb32aa37876b4b47cec12e4fd47610838 (diff)
download	docker-a7d4af84bd2f189b921c3ec60796aa825e3a0f2a.tar.gz