We use cookies to ensure you get the best experience on our website
Halaman utama Jelajahi Bantuan
Daftar Masuk
0ct0pu5
/
moby
1
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Jelajahi Sumber

container.BaseFS: check for nil before deref

Commit 7a7357dae1bccc ("LCOW: Implemented support for docker cp + build")
changed `container.BaseFS` from being a string (that could be empty but
can't lead to nil pointer dereference) to containerfs.ContainerFS,
which could be be `nil` and so nil dereference is at least theoretically
possible, which leads to panic (i.e. engine crashes).

Such a panic can be avoided by carefully analysing the source code in all
the places that dereference a variable, to make the variable can't be nil.
Practically, this analisys are impossible as code is constantly
evolving.

Still, we need to avoid panics and crashes. A good way to do so is to
explicitly check that a variable is non-nil, returning an error
otherwise. Even in case such a check looks absolutely redundant,
further changes to the code might make it useful, and having an
extra check is not a big price to pay to avoid a panic.

This commit adds such checks for all the places where it is not obvious
that container.BaseFS is not nil (which in this case means we do not
call daemon.Mount() a few lines earlier).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Kir Kolyshkin 7 tahun lalu
induk
81f6307eda
melakukan
d6ea46ceda
4 mengubah file dengan 16 tambahan dan 0 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 7 0
      container/archive.go
  2. 3 0
      container/container.go
  3. 3 0
      daemon/oci_linux.go
  4. 3 0
      daemon/oci_windows.go

+ 7 - 0
container/archive.go
Tampilan Berkas 

@@ -6,6 +6,7 @@ import (
 
 	"github.com/docker/docker/api/types"
 
 	"github.com/docker/docker/pkg/archive"
 
 	"github.com/docker/docker/pkg/system"
 
+	"github.com/pkg/errors"
 
 )
 
 
 // ResolvePath resolves the given path in the container to a resource on the
 
@@ -13,6 +14,9 @@ import (
 
 // the absolute path to the resource relative to the container's rootfs, and
 
 // an error if the path points to outside the container's rootfs.
 
 func (container *Container) ResolvePath(path string) (resolvedPath, absPath string, err error) {
 
+	if container.BaseFS == nil {
 
+		return "", "", errors.New("ResolvePath: BaseFS of container " + container.ID + " is unexpectedly nil")
 
+	}
 
 	// Check if a drive letter supplied, it must be the system drive. No-op except on Windows
 
 	path, err = system.CheckSystemDriveAndRemoveDriveLetter(path, container.BaseFS)
 
 	if err != nil {
 
@@ -45,6 +49,9 @@ func (container *Container) ResolvePath(path string) (resolvedPath, absPath stri
 
 // resolved to a path on the host corresponding to the given absolute path
 
 // inside the container.
 
 func (container *Container) StatPath(resolvedPath, absPath string) (stat *types.ContainerPathStat, err error) {
 
+	if container.BaseFS == nil {
 
+		return nil, errors.New("StatPath: BaseFS of container " + container.ID + " is unexpectedly nil")
 
+	}
 
 	driver := container.BaseFS
 
 
 	lstat, err := driver.Lstat(resolvedPath)

+ 3 - 0
container/container.go
Tampilan Berkas 

@@ -311,6 +311,9 @@ func (container *Container) SetupWorkingDirectory(rootIDs idtools.IDPair) error
 
 //       symlinking to a different path) between using this method and using the
 
 //       path. See symlink.FollowSymlinkInScope for more details.
 
 func (container *Container) GetResourcePath(path string) (string, error) {
 
+	if container.BaseFS == nil {
 
+		return "", errors.New("GetResourcePath: BaseFS of container " + container.ID + " is unexpectedly nil")
 
+	}
 
 	// IMPORTANT - These are paths on the OS where the daemon is running, hence
 
 	// any filepath operations must be done in an OS agnostic way.
 
 	r, e := container.BaseFS.ResolveScopedPath(path, false)

+ 3 - 0
daemon/oci_linux.go
Tampilan Berkas 

@@ -705,6 +705,9 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
 
 }
 
 
 func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) error {
 
+	if c.BaseFS == nil {
 
+		return errors.New("populateCommonSpec: BaseFS of container " + c.ID + " is unexpectedly nil")
 
+	}
 
 	linkedEnv, err := daemon.setupLinkedContainers(c)
 
 	if err != nil {
 
 		return err

+ 3 - 0
daemon/oci_windows.go
Tampilan Berkas 

@@ -221,6 +221,9 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 
 
 // Sets the Windows-specific fields of the OCI spec
 
 func (daemon *Daemon) createSpecWindowsFields(c *container.Container, s *specs.Spec, isHyperV bool) error {
 
+	if c.BaseFS == nil {
 
+		return errors.New("createSpecWindowsFields: BaseFS of container " + c.ID + " is unexpectedly nil")
 
+	}
 
 	if len(s.Process.Cwd) == 0 {
 
 		// We default to C:\ to workaround the oddity of the case that the
 
 		// default directory for cmd running as LocalSystem (or

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5