struct wim_dentry *root;
const struct wim_lookup_table_entry *metadata_lte;
u64 metadata_len;
- struct wim_security_data *security_data;
+ u8 hash[SHA1_HASH_SIZE];
metadata_lte = imd->metadata_lte;
metadata_len = wim_resource_size(metadata_lte);
if (ret)
goto out_free_buf;
+ sha1_buffer(buf, metadata_len, hash);
+ if (!hashes_equal(metadata_lte->hash, hash))
+ {
+ ERROR("Metadata resource is corrupted (invalid SHA-1 message digest)!");
+ ret = WIMLIB_ERR_INVALID_RESOURCE_HASH;
+ goto out_free_buf;
+ }
+
DEBUG("Finished reading metadata resource into memory.");
/* The root directory entry starts after security data, aligned on an
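Review bot: The new check compares `sha1_buffer(buf, metadata_len, hash)` against `metadata_lte->hash`, and that expected digest appears to be read from the same WIM file as the resource itself, so a match shows the buffer was not corrupted but says nothing about whether its contents are well-formed. A short comment above the check would stop later readers from treating a pass as validation, for example `/* Detects corruption only: the expected digest comes from the same file, so buf is still untrusted input for the parsers below. */`. The opening brace on its own line after `if (!hashes_equal(...))` also differs from the `if (...) {` form used in the surrounding context lines. The enclosing function starts and ends outside this hunk.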
* and calculate the offset in the metadata resource of the root dentry.
* */
- ret = read_wim_security_data(buf, metadata_len, &security_data);
+ ret = read_wim_security_data(buf, metadata_len, &imd->security_data);
if (ret)
goto out_free_buf;
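Review bot: With `&imd->security_data` as the out-parameter, the failure path right after the call (`if (ret) goto out_free_buf;`) jumps past the `imd->security_data = NULL;` reset that this commit adds under `out_free_security_data`, so anything the callee stored before failing stays in the long-lived structure. read_wim_security_data() is not visible here, so whether it can write to the pointer and then fail is an assumption to confirm; if it can, later cleanup of `imd` could see a stale pointer. Either record the contract next to the call, `/* On failure read_wim_security_data() must not store to imd->security_data. */`, or keep the local for the call and assign `imd->security_data = security_data;` only after the `if (ret)` check, which is still before verify_dentry() runs. The enclosing function continues outside this hunk.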
}
ret = read_dentry(buf, metadata_len,
- security_data->total_length, root);
+ imd->security_data->total_length, root);
if (ret == 0 && root->length == 0) {
ERROR("Metadata resource cannot begin with end-of-directory entry!");
goto out_free_dentry_tree;
if (!wim->all_images_verified) {
+ /* Note: verify_dentry() expects to access imd->security_data,
+ * so it needs to be set before here. */
DEBUG("Running miscellaneous verifications on the dentry tree");
for_lookup_table_entry(wim->lookup_table, lte_zero_real_refcnt, NULL);
ret = for_dentry_in_tree(root, verify_dentry, wim);
DEBUG("Done reading image metadata");
imd->root_dentry = root;
- imd->security_data = security_data;
INIT_LIST_HEAD(&imd->unhashed_streams);
goto out_free_buf;
out_free_dentry_tree:
free_dentry_tree(root, wim->lookup_table);
out_free_security_data:
- free_wim_security_data(security_data);
+ free_wim_security_data(imd->security_data);
+ imd->security_data = NULL;
out_free_buf:
FREE(buf);
return ret;