fix: only check version after parsing fetched ss and ts
We check the length and hashes of the fetched bytes before parsing them,
therefore once the data are parsed into a FileMeta we only need to check
against the expected version. The length and hashes checks are no longer
required at this point, as they have already been done.

Signed-off-by: Joshua Lock <[email protected]>
joshuagl committed Jun 21, 2022
1 parent 89bb6cd commit 22abd01
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions client/client.go
@@ -683,10 +683,12 @@ func (c *Client) downloadMetaFromSnapshot(name string, m data.SnapshotFileMeta)
if err != nil {
return nil, err
}
// 5.6.4 - Check against snapshot role's targets hash and version
if err := util.SnapshotFileMetaEqual(meta, m); err != nil {

// 5.6.4 - Check against snapshot role's version
if err := util.VersionEqual(meta.Version, m.Version); err != nil {
return nil, ErrDownloadFailed{name, err}
}

return b, nil
}

@@ -705,10 +707,12 @@ func (c *Client) downloadMetaFromTimestamp(name string, m data.TimestampFileMeta
if err != nil {
return nil, err
}
// 5.5.4 - Check against timestamp role's snapshot hash and version
if err := util.TimestampFileMetaEqual(meta, m); err != nil {

// 5.5.4 - Check against timestamp role's version
if err := util.VersionEqual(meta.Version, m.Version); err != nil {
return nil, ErrDownloadFailed{name, err}
}

return b, nil
}

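Review bot: After this change the only check on the parsed metadata in downloadMetaFromSnapshot and downloadMetaFromTimestamp is `util.VersionEqual(meta.Version, m.Version)`, so the length and hash guarantees now rest entirely on code above the hunks that is not visible here. The commit message says those checks run on the fetched bytes before parsing; the new comments should record that invariant at the point where it is relied on, for example `// Length and hashes of b were verified against m before parsing; only the version is left to check.` It is also worth confirming that the earlier check cannot be skipped on any path that reaches this point (for instance when m carries no hashes or length), and adding a test that serves metadata with the expected version but a mismatching hash and asserts the download is rejected. Both function bodies start above their hunks, so this is inferred from the commit message rather than from the visible lines.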
