0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Stop ADD from following symlinks outside the context when passed as the first argument

Browse source 
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)

Docker-DCO-1.1-Signed-off-by: Tianon Gravi <admwiggin@gmail.com> (github: crosbymichael)
This commit is contained in:
Tianon Gravi 2014-01-11 05:46:11 -07:00 committed by Michael Crosby
parent 845b816686
commit ad69836247
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
buildfile.go
View file

@ -287,6 +287,11 @@ func (b *buildFile) CmdVolume(args string) error {
func (b *buildFile) checkPathForAddition(orig string) error {
origPath := path.Join(b.contextPath, orig)
if p, err := filepath.EvalSymlinks(origPath); err != nil {
return err
} else {
origPath = p
}
if !strings.HasPrefix(origPath, b.contextPath) {
return fmt.Errorf("Forbidden path outside the build context: %s (%s)", orig, origPath)
}