sigstore · haydentherapper · Apr 10, 2024 · Apr 10, 2024 · Apr 10, 2024 · Apr 10, 2024
diff --git a/cmd/cosign/cli/verify/verify_blob_attestation.go b/cmd/cosign/cli/verify/verify_blob_attestation.go
@@ -34,6 +34,7 @@ import (
 	"github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
 	"github.com/sigstore/cosign/v2/cmd/cosign/cli/rekor"
 	internal "github.com/sigstore/cosign/v2/internal/pkg/cosign"
+	payloadsize "github.com/sigstore/cosign/v2/internal/pkg/cosign/payload/size"
 	"github.com/sigstore/cosign/v2/internal/pkg/cosign/tsa"
 	"github.com/sigstore/cosign/v2/pkg/blob"
 	"github.com/sigstore/cosign/v2/pkg/cosign"
@@ -117,6 +118,14 @@ func (c *VerifyBlobAttestationCommand) Exec(ctx context.Context, artifactPath st
 			return err
 		}
 		defer f.Close()
+		fileInfo, err := f.Stat()
+		if err != nil {
+			return err
+		}
+		err = payloadsize.CheckSize(uint64(fileInfo.Size()))
+		if err != nil {
+			return err
+		}
 
 		payload = internal.NewHashReader(f, sha256.New())
 		if _, err := io.ReadAll(&payload); err != nil {

diff --git a/cmd/cosign/cli/verify/verify_blob_attestation_test.go b/cmd/cosign/cli/verify/verify_blob_attestation_test.go
@@ -32,6 +32,7 @@ gZPFIp557+TOoDxf14FODWc+sIPETk0OgCplAk60doVXbCv33IU4rXZHrg==
 const (
 	blobContents                         = "some-payload"
 	anotherBlobContents                  = "another-blob"
+	hugeBlobContents                     = "hugepayloadhugepayloadhugepayloadhugepayloadhugepayloadhugepayloadhugepayloadhugepayloadhugepayloadhugepayloadhugepayloadhugepayloadhugepayload"
 	blobSLSAProvenanceSignature          = "eyJwYXlsb2FkVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5pbi10b3RvK2pzb24iLCJwYXlsb2FkIjoiZXlKZmRIbHdaU0k2SW1oMGRIQnpPaTh2YVc0dGRHOTBieTVwYnk5VGRHRjBaVzFsYm5RdmRqQXVNU0lzSW5CeVpXUnBZMkYwWlZSNWNHVWlPaUpvZEhSd2N6b3ZMM05zYzJFdVpHVjJMM0J5YjNabGJtRnVZMlV2ZGpBdU1pSXNJbk4xWW1wbFkzUWlPbHQ3SW01aGJXVWlPaUppYkc5aUlpd2laR2xuWlhOMElqcDdJbk5vWVRJMU5pSTZJalkxT0RjNE1XTmtOR1ZrT1dKallUWXdaR0ZqWkRBNVpqZGlZamt4TkdKaU5URTFNREpsT0dJMVpEWXhPV1kxTjJZek9XRXhaRFkxTWpVNU5tTmpNalFpZlgxZExDSndjbVZrYVdOaGRHVWlPbnNpWW5WcGJHUmxjaUk2ZXlKcFpDSTZJaklpZlN3aVluVnBiR1JVZVhCbElqb2llQ0lzSW1sdWRtOWpZWFJwYjI0aU9uc2lZMjl1Wm1sblUyOTFjbU5sSWpwN2ZYMTlmUT09Iiwic2lnbmF0dXJlcyI6W3sia2V5aWQiOiIiLCJzaWciOiJNRVVDSUE4S2pacWtydDkwZnpCb2pTd3d0ajNCcWI0MUU2cnV4UWs5N1RMbnB6ZFlBaUVBek9Bak9Uenl2VEhxYnBGREFuNnpocmc2RVp2N2t4SzVmYVJvVkdZTWgyYz0ifV19"
 	dssePredicateEmptySubject            = "eyJwYXlsb2FkVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5pbi10b3RvK2pzb24iLCJwYXlsb2FkIjoiZXlKZmRIbHdaU0k2SW1oMGRIQnpPaTh2YVc0dGRHOTBieTVwYnk5VGRHRjBaVzFsYm5RdmRqQXVNU0lzSW5CeVpXUnBZMkYwWlZSNWNHVWlPaUpvZEhSd2N6b3ZMM05zYzJFdVpHVjJMM0J5YjNabGJtRnVZMlV2ZGpBdU1pSXNJbk4xWW1wbFkzUWlPbHRkTENKd2NtVmthV05oZEdVaU9uc2lZblZwYkdSbGNpSTZleUpwWkNJNklqSWlmU3dpWW5WcGJHUlVlWEJsSWpvaWVDSXNJbWx1ZG05allYUnBiMjRpT25zaVkyOXVabWxuVTI5MWNtTmxJanA3ZlgxOWZRPT0iLCJzaWduYXR1cmVzIjpbeyJrZXlpZCI6IiIsInNpZyI6Ik1FWUNJUUNrTEV2NkhZZ0svZDdUK0N3NTdXbkZGaHFUTC9WalAyVDA5Q2t1dk1nbDRnSWhBT1hBM0lhWWg1M1FscVk1eVU4cWZxRXJma2tGajlEakZnaWovUTQ2NnJSViJ9XX0="
 	dssePredicateMissingSha256           = "eyJwYXlsb2FkVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5pbi10b3RvK2pzb24iLCJwYXlsb2FkIjoiZXlKZmRIbHdaU0k2SW1oMGRIQnpPaTh2YVc0dGRHOTBieTVwYnk5VGRHRjBaVzFsYm5RdmRqQXVNU0lzSW5CeVpXUnBZMkYwWlZSNWNHVWlPaUpvZEhSd2N6b3ZMM05zYzJFdVpHVjJMM0J5YjNabGJtRnVZMlV2ZGpBdU1pSXNJbk4xWW1wbFkzUWlPbHQ3SW01aGJXVWlPaUppYkc5aUlpd2laR2xuWlhOMElqcDdmWDFkTENKd2NtVmthV05oZEdVaU9uc2lZblZwYkdSbGNpSTZleUpwWkNJNklqSWlmU3dpWW5WcGJHUlVlWEJsSWpvaWVDSXNJbWx1ZG05allYUnBiMjRpT25zaVkyOXVabWxuVTI5MWNtTmxJanA3ZlgxOWZRPT0iLCJzaWduYXR1cmVzIjpbeyJrZXlpZCI6IiIsInNpZyI6Ik1FVUNJQysvM2M4RFo1TGFZTEx6SFZGejE3ZmxHUENlZXVNZ2tIKy8wa2s1cFFLUEFpRUFqTStyYnBBRlJybDdpV0I2Vm9BYVZPZ3U3NjRRM0JKdHI1bHk4VEFHczNrPSJ9XX0="
@@ -46,13 +47,15 @@ func TestVerifyBlobAttestation(t *testing.T) {
 
 	blobPath := writeBlobFile(t, td, blobContents, "blob")
 	anotherBlobPath := writeBlobFile(t, td, anotherBlobContents, "other-blob")
+	hugeBlobPath := writeBlobFile(t, td, hugeBlobContents, "huge-blob")
 	keyRef := writeBlobFile(t, td, pubkey, "cosign.pub")
 
 	tests := []struct {
 		description   string
 		blobPath      string
 		signature     string
 		predicateType string
+		env           map[string]string
 		shouldErr     bool
 	}{
 		{
@@ -98,11 +101,20 @@ func TestVerifyBlobAttestation(t *testing.T) {
 			signature:     dssePredicateMultipleSubjectsInvalid,
 			blobPath:      blobPath,
 			shouldErr:     true,
+		}, {
+			description: "override file size limit",
+			signature:   blobSLSAProvenanceSignature,
+			blobPath:    hugeBlobPath,
+			env:         map[string]string{"COSIGN_MAX_ATTACHMENT_SIZE": "128"},
+			shouldErr:   true,
 		},
 	}
 
 	for _, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
+			for k, v := range test.env {
+				t.Setenv(k, v)
+			}
 			decodedSig, err := base64.StdEncoding.DecodeString(test.signature)
 			if err != nil {
 				t.Fatal(err)

diff --git a/go.mod b/go.mod
@@ -11,6 +11,7 @@ require (
 	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46
 	github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936
 	github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7
+	github.com/dustin/go-humanize v1.0.1
 	github.com/go-openapi/runtime v0.28.0
 	github.com/go-openapi/strfmt v0.23.0
 	github.com/go-openapi/swag v0.23.0

diff --git a/internal/pkg/cosign/payload/size/errors.go b/internal/pkg/cosign/payload/size/errors.go
@@ -0,0 +1,31 @@
+// Copyright 2024 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package payload
+
+import "fmt"
+
+// MaxLayerSizeExceeded is an error indicating that the layer is too big to read into memory and cosign should abort processing it.
+type MaxLayerSizeExceeded struct {
+	value   uint64
+	maximum uint64
+}
+
+func NewMaxLayerSizeExceeded(value, maximum uint64) *MaxLayerSizeExceeded {
+	return &MaxLayerSizeExceeded{value, maximum}
+}
+
+func (e *MaxLayerSizeExceeded) Error() string {
+	return fmt.Sprintf("size of layer (%d) exceeded the limit (%d)", e.value, e.maximum)
+}
diff --git a/internal/pkg/cosign/payload/size/size.go b/internal/pkg/cosign/payload/size/size.go
@@ -0,0 +1,38 @@
+// Copyright 2024 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package payload
+
+import (
+	"github.com/dustin/go-humanize"
+	"github.com/sigstore/cosign/v2/pkg/cosign/env"
+)
+
+const defaultMaxSize = uint64(134217728) // 128MiB
+
+func CheckSize(size uint64) error {
+	maxSize := defaultMaxSize
+	maxSizeOverride, exists := env.LookupEnv(env.VariableMaxAttachmentSize)
+	if exists {
+		var err error
+		maxSize, err = humanize.ParseBytes(maxSizeOverride)
+		if err != nil {
+			maxSize = defaultMaxSize
+		}
+	}
+	if size > maxSize {
+		return NewMaxLayerSizeExceeded(size, maxSize)
+	}
+	return nil
+}
diff --git a/internal/pkg/cosign/payload/size/size_test.go b/internal/pkg/cosign/payload/size/size_test.go
@@ -0,0 +1,110 @@
+// Copyright 2024 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package payload
+
+import (
+	"testing"
+)
+
+func TestCheckSize(t *testing.T) {
+	tests := []struct {
+		name    string
+		input   uint64
+		setting string
+		wantErr bool
+	}{
+		{
+			name:    "size is within default limit",
+			input:   1000,
+			wantErr: false,
+		},
+		{
+			name:    "size exceeds default limit",
+			input:   200000000,
+			wantErr: true,
+		},
+		{
+			name:    "size is within overridden limit (bytes)",
+			input:   1000,
+			setting: "1024",
+			wantErr: false,
+		},
+		{
+			name:    "size is exceeds overridden limit (bytes)",
+			input:   2000,
+			setting: "1024",
+			wantErr: true,
+		},
+		{
+			name:    "size is within overridden limit (megabytes, short form)",
+			input:   1999999,
+			setting: "2M",
+			wantErr: false,
+		},
+		{
+			name:    "size exceeds overridden limit (megabytes, short form)",
+			input:   2000001,
+			setting: "2M",
+			wantErr: true,
+		},
+		{
+			name:    "size is within overridden limit (megabytes, long form)",
+			input:   1999999,
+			setting: "2MB",
+			wantErr: false,
+		},
+		{
+			name:    "size exceeds overridden limit (megabytes, long form)",
+			input:   2000001,
+			setting: "2MB",
+			wantErr: true,
+		},
+		{
+			name:    "size is within overridden limit (mebibytes)",
+			input:   2097151,
+			setting: "2MiB",
+			wantErr: false,
+		},
+		{
+			name:    "size exceeds overridden limit (mebibytes)",
+			input:   2097153,
+			setting: "2MiB",
+			wantErr: true,
+		},
+		{
+			name:    "size is negative results in default",
+			input:   5121,
+			setting: "-5KiB",
+			wantErr: false,
+		},
+		{
+			name:    "invalid setting results in default",
+			input:   5121,
+			setting: "five kilobytes",
+			wantErr: false,
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			if test.setting != "" {
+				t.Setenv("COSIGN_MAX_ATTACHMENT_SIZE", test.setting)
+			}
+			got := CheckSize(test.input)
+			if (got != nil) != (test.wantErr) {
+				t.Errorf("CheckSize() = %v, expected %v", got, test.wantErr)
+			}
+		})
+	}
+}
diff --git a/pkg/cosign/env/env.go b/pkg/cosign/env/env.go
@@ -51,6 +51,7 @@ const (
 	VariablePKCS11ModulePath        Variable = "COSIGN_PKCS11_MODULE_PATH"
 	VariablePKCS11IgnoreCertificate Variable = "COSIGN_PKCS11_IGNORE_CERTIFICATE"
 	VariableRepository              Variable = "COSIGN_REPOSITORY"
+	VariableMaxAttachmentSize       Variable = "COSIGN_MAX_ATTACHMENT_SIZE"
 
 	// Sigstore environment variables
 	VariableSigstoreCTLogPublicKeyFile Variable = "SIGSTORE_CT_LOG_PUBLIC_KEY_FILE"
@@ -113,6 +114,11 @@ var (
 			Expects:     "string with a repository",
 			Sensitive:   false,
 		},
+		VariableMaxAttachmentSize: {
+			Description: "maximum attachment size to download (default 128MiB)",
+			Expects:     "human-readable unit of memory, e.g. 5120, 20K, 3M, 45MiB, 1GB",
+			Sensitive:   false,
+		},
 
 		VariableSigstoreCTLogPublicKeyFile: {
 			Description: "overrides what is used to validate the SCT coming back from Fulcio",

diff --git a/pkg/oci/errors.go b/pkg/oci/errors.go
@@ -0,0 +1,31 @@
+// Copyright 2024 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package oci
+
+import "fmt"
+
+// MaxLayersExceeded is an error indicating that the artifact has too many layers and cosign should abort processing it.
+type MaxLayersExceeded struct {
+	value   int64
+	maximum int64
+}
+
+func NewMaxLayersExceeded(value, maximum int64) *MaxLayersExceeded {
+	return &MaxLayersExceeded{value, maximum}
+}
+
+func (e *MaxLayersExceeded) Error() string {
+	return fmt.Sprintf("number of layers (%d) exceeded the limit (%d)", e.value, e.maximum)
+}
diff --git a/pkg/oci/internal/signature/layer.go b/pkg/oci/internal/signature/layer.go
@@ -24,6 +24,7 @@ import (
 	"strings"
 
 	v1 "github.com/google/go-containerregistry/pkg/v1"
+	payloadsize "github.com/sigstore/cosign/v2/internal/pkg/cosign/payload/size"
 	"github.com/sigstore/cosign/v2/pkg/cosign/bundle"
 	"github.com/sigstore/cosign/v2/pkg/oci"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
@@ -58,6 +59,14 @@ func (s *sigLayer) Annotations() (map[string]string, error) {
 
 // Payload implements oci.Signature
 func (s *sigLayer) Payload() ([]byte, error) {
+	size, err := s.Layer.Size()
+	if err != nil {
+		return nil, err
+	}
+	err = payloadsize.CheckSize(uint64(size))
+	if err != nil {
+		return nil, err
+	}
 	// Compressed is a misnomer here, we just want the raw bytes from the registry.
 	r, err := s.Layer.Compressed()
 	if err != nil {