docker/cli

Fork 0

mirror of https://github.com/docker/cli.git synced 2026-01-26 15:41:42 +03:00

Commit Graph

Author	SHA1	Message	Date
Yong Tang	154b3f0e4f	Restrict checkpoint name to prevent directory traversal This fix tries to address the issue raised in 28769 where checkpoint name was not checked before passing to containerd. As a result, it was possible to use a special checkpoint name to get outside of the container's directory. This fix add restriction `[a-zA-Z0-9][a-zA-Z0-9_.-]+` (`RestrictedNamePattern`). This is the same as container name restriction. This fix fixes 28769. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> Upstream-commit: c90ec0517544e7d054d79f71f4d24d9ebbad7408 Component: engine	2016-11-23 13:23:07 -08:00
Jessica Frazelle	26657d68aa	update volume name regex Disallow creating a volume starting with a /. Signed-off-by: Jessica Frazelle <acidburn@docker.com> Upstream-commit: b46f044bf71309088b30c1172d4c69287c6a99df Component: engine	2016-01-04 15:00:49 -08:00
David Calavera	f1b2a78ca3	Move volume name validation to the local driver. Delegate validation tasks to the volume drivers. It's up to them to decide whether a name is valid or not. Restrict volume names for the local driver to prevent creating mount points outside docker's volumes directory. Signed-off-by: David Calavera <david.calavera@gmail.com> Upstream-commit: d6d60287ee3a8a064340582d65c131181ae77127 Component: engine	2015-10-21 12:28:26 -04:00

Author

SHA1

Message

Date

Yong Tang

154b3f0e4f

Restrict checkpoint name to prevent directory traversal

This fix tries to address the issue raised in 28769 where
checkpoint name was not checked before passing to containerd.
As a result, it was possible to use a special checkpoint name
to get outside of the container's directory.

This fix add restriction `[a-zA-Z0-9][a-zA-Z0-9_.-]+` (`RestrictedNamePattern`).
This is the same as container name restriction.

This fix fixes 28769.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: c90ec0517544e7d054d79f71f4d24d9ebbad7408
Component: engine

2016-11-23 13:23:07 -08:00

Jessica Frazelle

26657d68aa

update volume name regex

Disallow creating a volume starting with a /.

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Upstream-commit: b46f044bf71309088b30c1172d4c69287c6a99df
Component: engine

2016-01-04 15:00:49 -08:00

David Calavera

f1b2a78ca3

Move volume name validation to the local driver.

Delegate validation tasks to the volume drivers. It's up to them
to decide whether a name is valid or not.
Restrict volume names for the local driver to prevent creating
mount points outside docker's volumes directory.

Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: d6d60287ee3a8a064340582d65c131181ae77127
Component: engine

2015-10-21 12:28:26 -04:00

3 Commits