fix: address vulnerability issues in notary implementations (#8428)

* fix: set max limit on referrers count Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add limit to max size of payload Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add max count limit on listsignatures Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add max signature size limit in FetchSignatureBlob Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2023-09-18 12:32:31 +05:30 · 2023-09-18 12:32:31 +05:30 · fec2992e3f
commit fec2992e3f
parent cef9a7a3d0
2 changed files with 25 additions and 0 deletions
--- a/pkg/notary/notary.go
+++ b/pkg/notary/notary.go
@ -24,6 +24,11 @@ import (
 	"go.uber.org/multierr"
 )

+var (
+	maxReferrersCount = 50
+	maxPayloadSize    = 10 * 1000 * 1000 // 10 MB
+)
+
 func NewVerifier() images.ImageVerifier {
 	return &notaryVerifier{
 		log: logging.WithName("Notary"),
@ -162,6 +167,11 @@ func (v *notaryVerifier) FetchAttestations(ctx context.Context, opts images.Opti
 		return nil, err
 	}

+	// See: https://github.com/kyverno/kyverno/security/advisories/GHSA-9g37-h7p2-2c6r
+	if len(referrersDescs.Manifests) > maxReferrersCount {
+		return nil, fmt.Errorf("failed to fetch referrers: to many referrers found, max limit is %d", maxReferrersCount)
+	}
+
 	v.log.V(4).Info("fetched referrers", "referrers", referrersDescs)

 	var statements []map[string]interface{}
@ -308,6 +318,11 @@ func extractStatement(ctx context.Context, repoRef name.Reference, desc v1.Descr
 	}
 	predicateDesc := manifest.Layers[0]

+	// See: https://github.com/kyverno/kyverno/security/advisories/GHSA-wc3x-5rfv-hh5v
+	if predicateDesc.Size > int64(maxPayloadSize) {
+		return nil, fmt.Errorf("payload size is too large, max size is %d: %+v", maxPayloadSize, predicateDesc)
+	}
+
 	layer, err := gcrremote.Layer(ref.Context().Digest(predicateDesc.Digest.String()), remoteOpts...)
 	if err != nil {
 		return nil, err
--- a/pkg/notary/repository.go
+++ b/pkg/notary/repository.go
@ -50,6 +50,11 @@ func (c *repositoryClient) ListSignatures(ctx context.Context, desc ocispec.Desc
 		return err
 	}

+	// See: https://github.com/kyverno/kyverno/security/advisories/GHSA-hjpv-68f4-2262
+	if len(referrersDescs.Manifests) > maxReferrersCount {
+		return fmt.Errorf("failed to fetch referrers: to many referrers found, max limit is %d", maxReferrersCount)
+	}
+
 	descList := []ocispec.Descriptor{}
 	for _, d := range referrersDescs.Manifests {
 		if d.ArtifactType == notationregistry.ArtifactTypeNotation {
@ -81,6 +86,11 @@ func (c *repositoryClient) FetchSignatureBlob(ctx context.Context, desc ocispec.
 	}
 	manifestDesc := manifest.Layers[0]

+	// See: https://github.com/kyverno/kyverno/security/advisories/GHSA-4mp4-46gq-hv3r
+	if manifestDesc.Size > int64(maxPayloadSize) {
+		return nil, ocispec.Descriptor{}, fmt.Errorf("payload size is too large, max size is %d: %+v", maxPayloadSize, manifestDesc)
+	}
+
 	signatureBlobRef, err := name.ParseReference(c.getReferenceFromDescriptor(manifestDesc))
 	if err != nil {
 		return nil, ocispec.Descriptor{}, err