Cleanup and update NEWS

[wimlib] / src / metadata_resource.c

diff --git a/src/metadata_resource.c b/src/metadata_resource.c
index 5b22ab6dd378a2503e4b728b7d4c87fc527eccb5..041d1f78007bb843631e84f578268fa5f8f88a87 100644 (file)
--- a/src/metadata_resource.c
+++ b/src/metadata_resource.c
@@ -59,7 +59,7 @@ read_metadata_resource(WIMStruct *wim, struct wim_image_metadata *imd)
        struct wim_dentry *root;
        const struct wim_lookup_table_entry *metadata_lte;
        u64 metadata_len;
-       struct wim_security_data *security_data;
+       u8 hash[SHA1_HASH_SIZE];
 
        metadata_lte = imd->metadata_lte;
        metadata_len = wim_resource_size(metadata_lte);
@@ -100,6 +100,13 @@ read_metadata_resource(WIMStruct *wim, struct wim_image_metadata *imd)
        if (ret)
                goto out_free_buf;
 
+       sha1_buffer(buf, metadata_len, hash);
+       if (!hashes_equal(metadata_lte->hash, hash)) {
+               ERROR("Metadata resource is corrupted (invalid SHA-1 message digest)!");
+               ret = WIMLIB_ERR_INVALID_RESOURCE_HASH;
+               goto out_free_buf;
+       }
+
        DEBUG("Finished reading metadata resource into memory.");
 
        /* The root directory entry starts after security data, aligned on an
@@ -114,7 +121,7 @@ read_metadata_resource(WIMStruct *wim, struct wim_image_metadata *imd)
         * and calculate the offset in the metadata resource of the root dentry.
         * */
 
-       ret = read_wim_security_data(buf, metadata_len, &security_data);
+       ret = read_wim_security_data(buf, metadata_len, &imd->security_data);
        if (ret)
                goto out_free_buf;
 
@@ -128,7 +135,7 @@ read_metadata_resource(WIMStruct *wim, struct wim_image_metadata *imd)
        }
 
        ret = read_dentry(buf, metadata_len,
-                         security_data->total_length, root);
+                         imd->security_data->total_length, root);
 
        if (ret == 0 && root->length == 0) {
                ERROR("Metadata resource cannot begin with end-of-directory entry!");
@@ -157,6 +164,8 @@ read_metadata_resource(WIMStruct *wim, struct wim_image_metadata *imd)
                goto out_free_dentry_tree;
 
        if (!wim->all_images_verified) {
+               /* Note: verify_dentry() expects to access imd->security_data,
+                * so it needs to be set before here. */
                DEBUG("Running miscellaneous verifications on the dentry tree");
                for_lookup_table_entry(wim->lookup_table, lte_zero_real_refcnt, NULL);
                ret = for_dentry_in_tree(root, verify_dentry, wim);
@@ -167,13 +176,13 @@ read_metadata_resource(WIMStruct *wim, struct wim_image_metadata *imd)
        DEBUG("Done reading image metadata");
 
        imd->root_dentry = root;
-       imd->security_data = security_data;
        INIT_LIST_HEAD(&imd->unhashed_streams);
        goto out_free_buf;
 out_free_dentry_tree:
        free_dentry_tree(root, wim->lookup_table);
 out_free_security_data:
-       free_wim_security_data(security_data);
+       free_wim_security_data(imd->security_data);
+       imd->security_data = NULL;
 out_free_buf:
        FREE(buf);
        return ret;