From 83bbf21f1af2fab9378ac9478599fcad03406749 Mon Sep 17 00:00:00 2001
From: Rached Ben Mustapha <rached@benmur.net>
Date: Thu, 4 Feb 2016 22:54:26 +0000
Subject: [PATCH] checker: Validate pack checksums before unpacking

This avoids reading a possibly invalid size at the end of a corrupted pack
---
 checker/checker.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/checker/checker.go b/checker/checker.go
index 97fe8df58..11becdeb7 100644
--- a/checker/checker.go
+++ b/checker/checker.go
@@ -652,6 +652,12 @@ func checkPack(r *repository.Repository, id backend.ID) error {
 		return err
 	}
 
+	hash := backend.Hash(buf)
+	if !hash.Equal(id) {
+		debug.Log("Checker.checkPack", "Pack ID does not match, want %v, got %v", id.Str(), hash.Str())
+		return fmt.Errorf("Pack ID does not match, want %v, got %v", id.Str(), hash.Str())
+	}
+
 	unpacker, err := pack.NewUnpacker(r.Key(), bytes.NewReader(buf))
 	if err != nil {
 		return err
@@ -671,8 +677,8 @@ func checkPack(r *repository.Repository, id backend.ID) error {
 
 		hash := backend.Hash(plainBuf)
 		if !hash.Equal(blob.ID) {
-			debug.Log("Checker.checkPack", "  ID does not match, want %v, got %v", blob.ID.Str(), hash.Str())
-			errs = append(errs, fmt.Errorf("ID does not match, want %v, got %v", blob.ID.Str(), hash.Str()))
+			debug.Log("Checker.checkPack", "  Blob ID does not match, want %v, got %v", blob.ID.Str(), hash.Str())
+			errs = append(errs, fmt.Errorf("Blob ID does not match, want %v, got %v", blob.ID.Str(), hash.Str()))
 			continue
 		}
 	}