github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request from GHSA-259w-8hf6-59c2

Browse Source 
importer: stream oci-layout and manifest.json
This commit is contained in:
Derek McGowan 2023-02-15 13:44:49 -08:00 committed by GitHub
commit 583e24a1b6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
images/archive/importer.go
View File

@ -233,12 +233,14 @@ func ImportIndex(ctx context.Context, store content.Store, reader io.Reader, opt
return writeManifest(ctx, store, idx, ocispec.MediaTypeImageIndex) return writeManifest(ctx, store, idx, ocispec.MediaTypeImageIndex)
} }
const (
kib = 1024
mib = 1024 * kib
jsonLimit = 20 * mib
)
func onUntarJSON(r io.Reader, j interface{}) error { func onUntarJSON(r io.Reader, j interface{}) error {
b, err := io.ReadAll(r) return json.NewDecoder(io.LimitReader(r, jsonLimit)).Decode(j)
if err != nil {
return err
}
return json.Unmarshal(b, j)
} }
func onUntarBlob(ctx context.Context, r io.Reader, store content.Ingester, size int64, ref string) (digest.Digest, error) { func onUntarBlob(ctx context.Context, r io.Reader, store content.Ingester, size int64, ref string) (digest.Digest, error) {