From baca6cb417bec87120d674d4bd2467aa76fe9345 Mon Sep 17 00:00:00 2001
From: Rob Murray <rob.murray@docker.com>
Date: Fri, 1 Dec 2023 15:37:10 +0000
Subject: [PATCH] Don't allow port in CIFS URL

When creating a CIFS volume, generate an error if the device URL
includes a port number, for example:
   --opt device="//some.server.com:2345/thepath"

The port must be specified in the port option instead, for example:
    --opt o=username=USERNAME,password=PASSWORD,vers=3,sec=ntlmsspi,port=1234

Signed-off-by: Rob Murray <rob.murray@docker.com>
---
 volume/local/local_linux_test.go | 26 ++++++++++++++++++++++++++
 volume/local/local_unix.go       | 19 ++++++++++++-------
 2 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/volume/local/local_linux_test.go b/volume/local/local_linux_test.go
index 526a6ca257..07ebdf77fd 100644
--- a/volume/local/local_linux_test.go
+++ b/volume/local/local_linux_test.go
@@ -199,6 +199,32 @@ func TestVolCreateValidation(t *testing.T) {
 				"o":      "foo",
 			},
 		},
+		{
+			doc: "cifs",
+			opts: map[string]string{
+				"type":   "cifs",
+				"device": "//some.example.com/thepath",
+				"o":      "foo",
+			},
+		},
+		{
+			doc: "cifs with port in url",
+			opts: map[string]string{
+				"type":   "cifs",
+				"device": "//some.example.com:2345/thepath",
+				"o":      "foo",
+			},
+			expectedErr: "port not allowed in CIFS device URL, include 'port' in 'o='",
+		},
+		{
+			doc: "cifs with bad url",
+			opts: map[string]string{
+				"type":   "cifs",
+				"device": ":::",
+				"o":      "foo",
+			},
+			expectedErr: `error parsing mount device url: parse ":::": missing protocol scheme`,
+		},
 	}
 
 	for i, tc := range tests {
diff --git a/volume/local/local_unix.go b/volume/local/local_unix.go
index d06637bd31..420e179560 100644
--- a/volume/local/local_unix.go
+++ b/volume/local/local_unix.go
@@ -56,6 +56,15 @@ func (r *Root) validateOpts(opts map[string]string) error {
 			return errdefs.InvalidParameter(errors.Errorf("invalid option: %q", opt))
 		}
 	}
+	if typeOpt, deviceOpt := opts["type"], opts["device"]; typeOpt == "cifs" && deviceOpt != "" {
+		deviceURL, err := url.Parse(deviceOpt)
+		if err != nil {
+			return errdefs.InvalidParameter(errors.Wrapf(err, "error parsing mount device url"))
+		}
+		if deviceURL.Port() != "" {
+			return errdefs.InvalidParameter(errors.New("port not allowed in CIFS device URL, include 'port' in 'o='"))
+		}
+	}
 	if val, ok := opts["size"]; ok {
 		size, err := units.RAMInBytes(val)
 		if err != nil {
@@ -131,16 +140,12 @@ func (v *localVolume) mount() error {
 		if err != nil {
 			return errors.Wrapf(err, "error parsing mount device url")
 		}
-		if deviceURL.Host != "" && net.ParseIP(deviceURL.Hostname()) == nil {
-			ipAddr, err := net.ResolveIPAddr("ip", deviceURL.Hostname())
+		if deviceURL.Host != "" && net.ParseIP(deviceURL.Host) == nil {
+			ipAddr, err := net.ResolveIPAddr("ip", deviceURL.Host)
 			if err != nil {
 				return errors.Wrapf(err, "error resolving passed in network volume address")
 			}
-			if deviceURL.Port() != "" {
-				deviceURL.Host = net.JoinHostPort(ipAddr.String(), deviceURL.Port())
-			} else {
-				deviceURL.Host = ipAddr.String()
-			}
+			deviceURL.Host = ipAddr.String()
 			mountDevice = deviceURL.String()
 		}
 	}