pull: Validate delta checksums more strongly

We need to check that it's 'ay'.  Also reuse the existing validation
function to check it's 32 bytes rather than potentially crashing with
assertion.

Just noticed this during a code review.

diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index c6d4c45bb03d9bbfcaabc465f42c1589e07fa1f9..608a7b4ff8e25944e8a8f9b274861c93b55b686d 100644 (file)
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -1557,6 +1557,28 @@ process_one_static_delta (OtPullData   *pull_data,
   return ret;
 }
 
+static gboolean
+validate_variant_is_csum (GVariant       *csum,
+                          GError        **error)
+{
+  gboolean ret = FALSE;
+
+  if (!g_variant_is_of_type (csum, G_VARIANT_TYPE ("ay")))
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                   "Invalid checksum variant of type '%s', expected 'ay'",
+                   g_variant_get_type_string (csum));
+      goto out;
+    }
+
+  if (!ostree_validate_structureof_csum_v (csum, error))
+    goto out;
+  
+  ret = TRUE;
+ out:
+  return ret;
+}
+
 /* documented in ostree-repo.c */
 gboolean
 ostree_repo_pull (OstreeRepo               *self,
@@ -1962,7 +1984,6 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
           n = deltas ? g_variant_n_children (deltas) : 0;
           for (i = 0; i < n; i++)
             {
-              gsize size;
               const char *delta;
               GVariant *csum_v = NULL;
               guchar *csum_data = g_malloc (32);
@@ -1971,11 +1992,8 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
               g_variant_get_child (ref, 0, "&s", &delta);
               g_variant_get_child (ref, 1, "v", &csum_v);
 
-              size = g_variant_get_size (csum_v);
-
-              g_assert_cmpint (size, ==, 32);
-              if (size != 32)
-                continue;
+              if (!validate_variant_is_csum (csum_v, error))
+                goto out;
 
               memcpy (csum_data, ostree_checksum_bytes_peek (csum_v), 32);
               g_hash_table_insert (pull_data->summary_deltas_checksums,