From 694f1955dc495b72a3232bf870e9839bdeb9bff9 Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers3@gmail.com>
Date: Mon, 20 May 2013 00:12:49 -0500
Subject: [PATCH 1/1] read_metadata_resource(): Check SHA-1 message digest

---
 src/metadata_resource.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/metadata_resource.c b/src/metadata_resource.c
index 13ebf51f..13aa5b8d 100644
--- a/src/metadata_resource.c
+++ b/src/metadata_resource.c
@@ -59,6 +59,7 @@ read_metadata_resource(WIMStruct *wim, struct wim_image_metadata *imd)
 	struct wim_dentry *root;
 	const struct wim_lookup_table_entry *metadata_lte;
 	u64 metadata_len;
+	u8 hash[SHA1_HASH_SIZE];
 
 	metadata_lte = imd->metadata_lte;
 	metadata_len = wim_resource_size(metadata_lte);
@@ -99,6 +100,14 @@ read_metadata_resource(WIMStruct *wim, struct wim_image_metadata *imd)
 	if (ret)
 		goto out_free_buf;
 
+	sha1_buffer(buf, metadata_len, hash);
+	if (!hashes_equal(metadata_lte->hash, hash))
+	{
+		ERROR("Metadata resource is corrupted (invalid SHA-1 message digest)!");
+		ret = WIMLIB_ERR_INVALID_RESOURCE_HASH;
+		goto out_free_buf;
+	}
+
 	DEBUG("Finished reading metadata resource into memory.");
 
 	/* The root directory entry starts after security data, aligned on an
-- 
2.43.0