Fix opaque panic on invariant violation in ApplyTarPatch.

To reproduce, use PUT to upload this archive (`unzstd | base64 -d`):

KLUv/QRY7QIAxAJhL2IAMDAwMDY0NDAwMDAwMDEAADAwNzU2MAAgMAB1c3RhcgAwAGEAMzM3
YREA/UEF/EC9Y0AdDJBP8GDCTaDGBxATkAAd3gJoMPAbJANAciACGDTAsXKZngAR/m3nXA==

then issue any PATCH request to that site.

After this commit, the server returns "malformed manifest (not
a directory)" instead of "assignment to entry in nil map".

While ideally incoming manifests should be checked for consistency
regardless of how they're uploaded, in practice this is only a self-DoS
so it's probably not worth fixing.

V12-Ref: F-77244
This commit is contained in:
Catherine
2026-05-30 13:41:30 +00:00
parent 0849735f9e
commit 970806ab4a
+4 -1
View File
@@ -52,13 +52,16 @@ func ApplyTarPatch(manifest *Manifest, reader io.Reader, parents CreateParentsMo
iter := root
for _, segment := range segments[:len(segments)-1] {
if iter.children == nil {
panic("malformed manifest (not a directory)")
break // error handled below
} else if _, exists := iter.children[segment]; !exists {
panic("malformed manifest (node does not exist)")
} else {
iter = iter.children[segment]
}
}
if iter.children == nil {
panic("malformed manifest (not a directory)")
}
iter.children[fileName] = node
}
}