Limit metadata to 10 MiB
author    Colin Walters <walters@verbum.org>
          Fri, 25 Apr 2014 19:14:42 +0000 (15:14 -0400)
committer Colin Walters <walters@verbum.org>
          Tue, 27 May 2014 18:15:27 +0000 (14:15 -0400)
commit    47610b45c2ac91d7d9749bc0a1ea5b3150a09a70
tree      1c3dcd3acbb51ebd54517872151615ece5a03356
parent    6002356747239c1dbbb18a95498454243ab745e7
Limit metadata to 10 MiB

If fetching GPG-signed commits over plain HTTP, a MitM attacker can
fill up the drive of targets by simply returning an enormous stream
for the commit object.

Related to this, an attacker can also cause OSTree to perform large
memory allocations by returning enormous GVariants in the metadata.

This helps close that attack by limiting all metadata objects to 10
MiB, so the initial fetch will be truncated.

But now the attack is only slightly more difficult as the attacker
will have to return a correctly formed commit object, then return a
large stream of < 10 MiB dirmeta/dirtree objects.

https://bugzilla.gnome.org/show_bug.cgi?id=725921
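The per-object cap the message describes, as an added illustration that is not the commit's own code: a bounded reader that accumulates one metadata object from a response stream and stops, discarding what it buffered, as soon as the accumulated size would exceed the cap, so a hostile peer can fill neither the disk nor a large allocation with a single object. The 10 MiB figure is taken from the message; the macro name MAX_METADATA_SIZE, the in-memory FakeStream stand-in for an HTTP body, and the function names are assumptions for this example, not OSTree's API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed name; the value is the 10 MiB limit stated in the commit message. */
#define MAX_METADATA_SIZE (10u * 1024u * 1024u)

/* Constructed stand-in for a network response body: a byte buffer read
 * in chunks, the way an HTTP client would hand data to the fetcher. */
typedef struct {
  const uint8_t *data;
  size_t len;
  size_t pos;
} FakeStream;

/* Hand back up to n bytes, like read(2); 0 means end of stream. */
static size_t fake_read(FakeStream *s, uint8_t *buf, size_t n) {
  size_t avail = s->len - s->pos;
  if (n > avail) n = avail;
  if (n == 0) return 0;
  memcpy(buf, s->data + s->pos, n);
  s->pos += n;
  return n;
}

typedef enum { READ_OK = 0, READ_TOO_LARGE = 1, READ_ALLOC_FAILED = 2 } ReadStatus;

/* Accumulate a whole metadata object but never let the buffer grow past
 * max_size: the check runs before each chunk is appended, so the first
 * byte beyond the cap aborts the read and frees what was buffered. */
static ReadStatus read_bounded_metadata(FakeStream *s, size_t max_size,
                                        uint8_t **out, size_t *out_len) {
  uint8_t chunk[4096];
  uint8_t *buf = NULL;
  size_t len = 0, cap = 0;
  *out = NULL;
  *out_len = 0;
  for (;;) {
    size_t n = fake_read(s, chunk, sizeof chunk);
    if (n == 0) break;                       /* end of stream */
    if (len + n > max_size) {                /* cap exceeded: stop, drop buffer */
      free(buf);
      return READ_TOO_LARGE;
    }
    if (len + n > cap) {                     /* grow geometrically, bounded by cap */
      size_t ncap = cap ? cap * 2 : 8192;
      if (ncap < len + n) ncap = len + n;
      uint8_t *nb = realloc(buf, ncap);
      if (!nb) { free(buf); return READ_ALLOC_FAILED; }
      buf = nb;
      cap = ncap;
    }
    memcpy(buf + len, chunk, n);
    len += n;
  }
  *out = buf;
  *out_len = len;
  return READ_OK;
}

/* Simulate fetching an object of object_size bytes (constructed, all
 * zeros) under a given cap. Returns the number of bytes accepted and
 * reports the reader's verdict through *status. */
static size_t simulate_fetch(size_t object_size, size_t max_size, ReadStatus *status) {
  uint8_t *body = object_size ? calloc(object_size, 1) : NULL;
  if (object_size && !body) { *status = READ_ALLOC_FAILED; return 0; }
  FakeStream s = { body, object_size, 0 };
  uint8_t *out = NULL;
  size_t out_len = 0;
  *status = read_bounded_metadata(&s, max_size, &out, &out_len);
  free(out);
  free(body);
  return out_len;
}

int main(void) {
  ReadStatus st;
  size_t n;
  n = simulate_fetch(MAX_METADATA_SIZE, MAX_METADATA_SIZE, &st);
  printf("exactly 10 MiB: status=%d accepted=%zu\n", (int)st, n);
  n = simulate_fetch(MAX_METADATA_SIZE + 1, MAX_METADATA_SIZE, &st);
  printf("10 MiB + 1:    status=%d accepted=%zu\n", (int)st, n);
  return 0;
}
```

The check is deliberately per object, which is exactly the residual weakness the message points out: a well-formed commit followed by many objects each just under the cap is not bounded by this reader, so the total across objects would need its own limit.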
Makefile-tests.am
src/libostree/ostree-core.h
src/libostree/ostree-fetcher.c
src/libostree/ostree-fetcher.h
src/libostree/ostree-repo-commit.c
src/libostree/ostree-repo-pull.c
tests/test-pull-corruption.sh
tests/test-pull-large-metadata.sh [new file with mode: 0644]