docker/cli
1
0
Fork 0
mirror of https://github.com/docker/cli.git synced 2026-01-18 08:21:31 +03:00
Code Activity

archive: prevent breakout in ApplyLayer

Browse Source 
Signed-off-by: Tibor Vass <teabee89@gmail.com>
Upstream-commit: 04175d07634600f2a5cf43dd197eb2a926aba8b9
Component: engine
This commit is contained in:
Tibor Vass
2014-10-31 13:18:39 -04:00
committed by unclejack
parent 8b11f8cf5c
commit 46a36325cb
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
components/engine/pkg/archive/diff.go
View File

@@ -24,6 +24,8 @@ func mkdev(major int64, minor int64) uint32 {
// ApplyLayer parses a diff in the standard layer format from `layer`, and
// applies it to the directory `dest`.
func ApplyLayer(dest string, layer ArchiveReader) error {
dest = filepath.Clean(dest)
// We need to be able to set any perms
oldmask := syscall.Umask(0)
defer syscall.Umask(oldmask)
@@ -93,6 +95,12 @@ func ApplyLayer(dest string, layer ArchiveReader) error {
path := filepath.Join(dest, hdr.Name)
base := filepath.Base(path)
// Prevent symlink breakout
if !strings.HasPrefix(path, dest) {
return breakoutError(fmt.Errorf("%q is outside of %q", path, dest))
}
if strings.HasPrefix(base, ".wh.") {
originalBase := base[len(".wh."):]
originalPath := filepath.Join(filepath.Dir(path), originalBase)