jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix unexpected delete bug when container id is .. 

Signed-off-by: Lifubang <lifubang@acmcoder.com>
This commit is contained in:
Lifubang 2018-08-31 11:17:42 +08:00
parent 1555a78945
commit d2d226e8f9
1 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
libcontainer/factory_linux.go
View File

@ -229,6 +229,10 @@ func (l *LinuxFactory) Load(id string) (Container, error) {
if l.Root == "" { if l.Root == "" {
return nil, newGenericError(fmt.Errorf("invalid root"), ConfigInvalid) return nil, newGenericError(fmt.Errorf("invalid root"), ConfigInvalid)
} }
//when load, we need to check id is valid or not.
if err := l.validateID(id); err != nil {
return nil, err
}
containerRoot := filepath.Join(l.Root, id) containerRoot := filepath.Join(l.Root, id)
state, err := l.loadState(containerRoot, id) state, err := l.loadState(containerRoot, id)
if err != nil { if err != nil {
@ -355,7 +359,23 @@ func (l *LinuxFactory) loadState(root, id string) (*State, error) {
} }
func (l *LinuxFactory) validateID(id string) error { func (l *LinuxFactory) validateID(id string) error {
if !idRegex.MatchString(id) { if !idRegex.MatchString(id) || id == ".." || id == "." {
return newGenericError(fmt.Errorf("invalid id format: %v", id), InvalidIdFormat)
}
//For unforeseen invalid id situations, can checked by is SubDir?
rootPath, err := filepath.Abs(l.Root)
if err != nil {
return err
}
containerRoot := filepath.Join(l.Root, id)
rootCheckPath, err := filepath.Abs(filepath.Join(containerRoot, ".."))
if err != nil {
return err
}
if rootPath != rootCheckPath {
return newGenericError(fmt.Errorf("invalid id format: %v", id), InvalidIdFormat) return newGenericError(fmt.Errorf("invalid id format: %v", id), InvalidIdFormat)
} }