We use cookies to ensure you get the best experience on our website
탐색 도움말
가입하기 로그인
0ct0pu5
/
moby
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
소스 검색

Fix issue in `--ip6` validation for `docker create`

This fix tries to address the issue raised in comment:
https://github.com/docker/docker/pull/25943#discussion_r76843081
Previously, the validation for `ip6` is done by checking ParseIP().To16().
However, in case an IPv4 address or an IPv4-mapped Ipv6 address has been
provided, the validation will pass (should fail).

This fix first check if `--ip6` is passed with a valid IP address and returns
error for invalid IP addresses. It then check if an IPv4 or IPv4-mapped Ipv6
address is passed, and return error accordingly.

This fix adds two more cases in the tests. One for IPv4 address passed to `--ip6`
and another for Ipv4-mapped IPv6 address passed to `--ip6`. In both cases,
without this fix the validation will pass through.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Yong Tang 8 년 전
부모
fbcf0a50b2
커밋
1e6eccae69
2개의 변경된 파일13개의 추가작업 그리고 2개의 파일을 삭제
통합 보기 변경상태 보기
  1. 7 2
      daemon/create.go
  2. 6 0
      integration-cli/docker_cli_network_unix_test.go

+ 7 - 2
daemon/create.go
파일 보기 

@@ -256,8 +256,13 @@ func (daemon *Daemon) verifyNetworkingConfig(nwConfig *networktypes.NetworkingCo
 
 				if v.IPAMConfig.IPv4Address != "" && net.ParseIP(v.IPAMConfig.IPv4Address).To4() == nil {
 
 				if v.IPAMConfig.IPv4Address != "" && net.ParseIP(v.IPAMConfig.IPv4Address).To4() == nil {
 
 					return errors.NewBadRequestError(fmt.Errorf("invalid IPv4 address: %s", v.IPAMConfig.IPv4Address))
 
 					return errors.NewBadRequestError(fmt.Errorf("invalid IPv4 address: %s", v.IPAMConfig.IPv4Address))
 
 				}
 
 				}
 
-				if v.IPAMConfig.IPv6Address != "" && net.ParseIP(v.IPAMConfig.IPv6Address).To16() == nil {
 
-					return errors.NewBadRequestError(fmt.Errorf("invalid IPv6 address: %s", v.IPAMConfig.IPv6Address))
 
+				if v.IPAMConfig.IPv6Address != "" {
 
+					n := net.ParseIP(v.IPAMConfig.IPv6Address)
 
+					// if the address is an invalid network address (ParseIP == nil) or if it is
 
+					// an IPv4 address (To4() != nil), then it is an invalid IPv6 address
 
+					if n == nil || n.To4() != nil {
 
+						return errors.NewBadRequestError(fmt.Errorf("invalid IPv6 address: %s", v.IPAMConfig.IPv6Address))
 
+					}
 
 				}
 
 				}
 
 			}
 
 			}
 
 		}
 
 		}

+ 6 - 0
integration-cli/docker_cli_network_unix_test.go
파일 보기 

@@ -1749,4 +1749,10 @@ func (s *DockerNetworkSuite) TestDockerNetworkValidateIP(c *check.C) {
 
 	c.Assert(err.Error(), checker.Contains, "invalid IPv4 address")
 
 	c.Assert(err.Error(), checker.Contains, "invalid IPv4 address")
 
 	_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip", "172.28.99.99", "--ip6", "mynet_ip6", "busybox", "top")
 
 	_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip", "172.28.99.99", "--ip6", "mynet_ip6", "busybox", "top")
 
 	c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")
 
 	c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")
 
+	// This is a case of IPv4 address to `--ip6`
 
+	_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip6", "172.28.99.99", "busybox", "top")
 
+	c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")
 
+	// This is a special case of an IPv4-mapped IPv6 address
 
+	_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip6", "::ffff:172.28.99.99", "busybox", "top")
 
+	c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")
 
 }
 
 }

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5