From: Eric Biggers <ebiggers3@gmail.com>
Date: Mon, 20 May 2013 05:12:49 +0000 (-0500)
Subject: read_metadata_resource(): Check SHA-1 message digest
X-Git-Tag: v1.4.1~86
X-Git-Url: https://wimlib.net/git/?p=wimlib;a=commitdiff_plain;h=694f1955dc495b72a3232bf870e9839bdeb9bff9

read_metadata_resource(): Check SHA-1 message digest
---

diff --git a/src/metadata_resource.c b/src/metadata_resource.c
index 13ebf51f..13aa5b8d 100644
--- a/src/metadata_resource.c
+++ b/src/metadata_resource.c
@@ -59,6 +59,7 @@ read_metadata_resource(WIMStruct *wim, struct wim_image_metadata *imd)
 	struct wim_dentry *root;
 	const struct wim_lookup_table_entry *metadata_lte;
 	u64 metadata_len;
+	u8 hash[SHA1_HASH_SIZE];
 
 	metadata_lte = imd->metadata_lte;
 	metadata_len = wim_resource_size(metadata_lte);
@@ -99,6 +100,14 @@ read_metadata_resource(WIMStruct *wim, struct wim_image_metadata *imd)
 	if (ret)
 		goto out_free_buf;
 
+	sha1_buffer(buf, metadata_len, hash);
+	if (!hashes_equal(metadata_lte->hash, hash))
+	{
+		ERROR("Metadata resource is corrupted (invalid SHA-1 message digest)!");
+		ret = WIMLIB_ERR_INVALID_RESOURCE_HASH;
+		goto out_free_buf;
+	}
+
 	DEBUG("Finished reading metadata resource into memory.");
 
 	/* The root directory entry starts after security data, aligned on an