feat(tvix/castore/blobsvc): validate StatBlobResponse
All chunks must have valid blake3 digests. It is allowed to send an empty list, if no more granular chunking is available. Change-Id: I7ecb53579cdf40fd938bb68a85685751b4d3626f Reviewed-on: https://cl.tvl.fyi/c/depot/+/10726 Tested-by: BuildkiteCI Reviewed-by: Connor Brewster <cbrewster@hey.com> Autosubmit: flokli <flokli@flokli.de>
This commit is contained in:
parent
5ad5a0da00
commit
9504015031
2 changed files with 29 additions and 0 deletions
|
@ -129,6 +129,10 @@ impl BlobService for GRPCBlobService {
|
|||
Err(e) => Err(io::Error::new(io::ErrorKind::Other, e)),
|
||||
Ok(resp) => {
|
||||
let resp = resp.into_inner();
|
||||
|
||||
resp.validate()
|
||||
.map_err(|e| std::io::Error::new(io::ErrorKind::InvalidData, e))?;
|
||||
|
||||
if resp.chunks.is_empty() {
|
||||
warn!("chunk list is empty");
|
||||
}
|
||||
|
|
|
@ -56,6 +56,14 @@ pub enum ValidateNodeError {
|
|||
InvalidSymlinkTarget(Vec<u8>),
|
||||
}
|
||||
|
||||
/// Errors that occur during StatBlobResponse validation
|
||||
#[derive(Debug, PartialEq, Eq, thiserror::Error)]
|
||||
pub enum ValidateStatBlobResponseError {
|
||||
/// Invalid digest length encountered
|
||||
#[error("Invalid digest length {0} for chunk #{1}")]
|
||||
InvalidDigestLen(usize, usize),
|
||||
}
|
||||
|
||||
/// Checks a Node name for validity as an intermediate node.
|
||||
/// We disallow slashes, null bytes, '.', '..' and the empty string.
|
||||
fn validate_node_name(name: &[u8]) -> Result<(), ValidateNodeError> {
|
||||
|
@ -299,6 +307,23 @@ impl Directory {
|
|||
}
|
||||
}
|
||||
|
||||
impl StatBlobResponse {
|
||||
/// Validates a StatBlobResponse. All chunks must have valid blake3 digests.
|
||||
/// It is allowed to send an empty list, if no more granular chunking is
|
||||
/// available.
|
||||
pub fn validate(&self) -> Result<(), ValidateStatBlobResponseError> {
|
||||
for (i, chunk) in self.chunks.iter().enumerate() {
|
||||
if chunk.digest.len() != blake3::KEY_LEN {
|
||||
return Err(ValidateStatBlobResponseError::InvalidDigestLen(
|
||||
chunk.digest.len(),
|
||||
i,
|
||||
));
|
||||
}
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
/// Struct to hold the state of an iterator over all nodes of a Directory.
|
||||
///
|
||||
/// Internally, this keeps peekable Iterators over all three lists of a
|
||||
|
|
Loading…
Reference in a new issue