From 970806ab4a3bfe051870afb7b6b6f44a2ce4579b Mon Sep 17 00:00:00 2001
From: Catherine
Date: Sat, 30 May 2026 13:41:30 +0000
Subject: [PATCH] Fix opaque panic on invariant violation in `ApplyTarPatch`.
To reproduce, use PUT to upload this archive (`unzstd | base64 -d`): KLUv/QRY7QIAxAJhL2IAMDAwMDY0NDAwMDAwMDEAADAwNzU2MAAgMAB1c3RhcgAwAGEAMzM3 YREA/UEF/EC9Y0AdDJBP8GDCTaDGBxATkAAd3gJoMPAbJANAciACGDTAsXKZngAR/m3nXA== then issue any PATCH request to that site. After this commit, the server returns "malformed manifest (not a directory)" instead of "assignment to entry in nil map". While ideally incoming manifests should be checked for consistency regardless of how they're uploaded, in practice this is only a self-DoS so it's probably not worth fixing.
V12-Ref: F-77244
---
 src/patch.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/patch.go b/src/patch.go
index b82b784..da93dad 100644
--- a/src/patch.go
+++ b/src/patch.go
@@ -52,13 +52,16 @@ func ApplyTarPatch(manifest *Manifest, reader io.Reader, parents CreateParentsMo
 iter := root
 for _, segment := range segments[:len(segments)-1] {
 if iter.children == nil {
- panic("malformed manifest (not a directory)")
+ break // error handled below
 } else if _, exists := iter.children[segment]; !exists {
 panic("malformed manifest (node does not exist)")
 } else {
 iter = iter.children[segment]
 }
 }
+ if iter.children == nil {
+ panic("malformed manifest (not a directory)")
+ }
 iter.children[fileName] = node
 }
 }
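Review bot: The check added after the loop (`if iter.children == nil`) still reports a malformed manifest through `panic`, and the commit message says this state is reachable from an uploaded archive. The process therefore stays up only if every call path into ApplyTarPatch runs under a `recover`, which this hunk does not show. If the function's return signature allows it (the hunk header truncates it), returning an error with the same message here and for the `node does not exist` case in the loop would turn this into ordinary input rejection instead of a crash path. Failing that, a comment above the new check would record why it sits outside the loop: `// the loop never checks the last node it descends into; without this the map write below panics on a nil map`. The function body starts and ends outside the hunk.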