oci: casext: explicitly disallow negative-size descriptors

This was implicitly allowed by VerifiedReadCloser, and while we have
closed that hole it's probably best to provide a more helpful error
message.

Ref: opencontainers/image-spec#1285
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

Author: cyphar

oci/casext/verified_blob.go

@@ -20,19 +20,27 @@ package casext
 
 import (
 	"context"
+	"errors"
+	"fmt"
 	"io"
 
 	ispec "github.com/opencontainers/image-spec/specs-go/v1"
 
 	"github.com/opencontainers/umoci/pkg/hardening"
 )
 
+var errInvalidDescriptorSize = errors.New("descriptor size must not be negative")
+
 // GetVerifiedBlob returns a VerifiedReadCloser for retrieving a blob from the
 // image, which the caller must Close() *and* read-to-EOF (checking the error
 // code of both). Returns ErrNotExist if the digest is not found, and
 // ErrBlobDigestMismatch on a mismatched blob digest. In addition, the reader
 // is limited to the descriptor.Size.
 func (e Engine) GetVerifiedBlob(ctx context.Context, descriptor ispec.Descriptor) (io.ReadCloser, error) {
+	// Negative sizes are not permitted by the spec, and are a DoS vector.
+	if descriptor.Size < 0 {
+		return nil, fmt.Errorf("invalid descriptor: %w", errInvalidDescriptorSize)
+	}
 	reader, err := e.GetBlob(ctx, descriptor.Digest)
 	return &hardening.VerifiedReadCloser{
 		Reader:         reader,